Apparatus, system, and method for managing data from a requesting device with an empty data token directive

ABSTRACT

An apparatus, system, and method are disclosed for managing data with an empty data segment directive at the requesting device. The apparatus, system, and method include a token directive generation module and a token directive transmission module. The token directive generation module generates a storage request with a token directive. The token directive includes a request to store on the storage device a data segment token. The token directive substitutes for a series of repeated, identical characters or a series of repeated, identical character strings to be stored as a data segment. The token directive includes at least a data segment identifier and a data segment length. The data segment token and the token directive are substantially free from data of the data segment. The token directive transmission module transmits the token directive to the storage device.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation-in-part of and claims priority toU.S. Provisional Patent Application No. 60/873,111 entitled “ElementalBlade System” and filed on Dec. 7, 2006 for David Flynn, et al., andU.S. Provisional Patent Application No. 60/974,470 entitled “Apparatus,System, and Method for Object-Oriented Solid-State Storage” and filed onSep. 22, 2007 for David Flynn, et al., which are incorporated herein byreference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to managing data in a data storage device andmore particularly relates to managing data in a storage device using anempty data segment directive.

2. Description of the Related Art

Typically, when data is no longer useful it may be erased. In many filesystems, an erase command deletes a directory entry in the file systemwhile leaving the data in place in the storage device containing thedata. Typically, a data storage device is not involved in this type oferase operation. Another method of erasing data is to write zeros, ones,or some other null data character to the data storage device to actuallyreplace the erased file. However, this is inefficient because valuablebandwidth is used while transmitting the data is being overwritten. Inaddition, space in the storage device is taken up by the data used tooverwrite invalid data.

In some storage devices, like the solid-state storage device 102described herein, are append and garbage collect storage devices soupdating previously stored data does not overwrite existing data.Attempting to overwrite data with a string of ones or a string of zeroson such a device takes up valuable space without fulfilling the desiredintent of overwriting the existing data. For these append and garbagecollect devices, such as solid-state storage devices 102, a client 114typically does not have an ability to overwrite data to erase it.

When receiving a string of repeated characters or character strings, thereceived data is highly compressible, but typically compression is doneby a file system prior to transmission to a storage device. A typicalstorage device cannot distinguish between compressed data anduncompressed data. The storage device may also receive a command to readthe erased file so the storage device may transmit a stream of zeros,ones, or a null character to the requesting device. Again, bandwidth isrequired to transmit data representing the erased file.

SUMMARY OF THE INVENTION

From the foregoing discussion, it should be apparent that a need existsfor an apparatus, system, and method for a storage device to receive adirective that data is to be erased so that the storage device can storea data segment token that represents an empty data segment or data withrepeated characters or character strings. The apparatus, system, andmethod may also erase the existing data so that the resulting usedstorage space comprises the small data segment token. An apparatus,system, and method are presented that overcome some or all of theshortcomings of the prior art.

The present invention has been developed in response to the presentstate of the art, and in particular, in response to the problems andneeds in the art that have not yet been fully solved by currentlyavailable data management systems. Accordingly, the present inventionhas been developed to provide an apparatus, system, and method formanaging data that overcome many or all of the above-discussedshortcomings in the art.

The apparatus to manage data is provided with a plurality of modulesincluding a token directive generation module and a token directivetransmission module. The token directive generation module generates astorage request with a token directive. The token directive includes arequest to store on the storage device a data segment token. The tokendirective substitutes for a series of repeated, identical characters ora series of repeated, identical character strings to be stored as a datasegment. The token directive includes at least a data segment identifierand a data segment length. The data segment token and the tokendirective are substantially free from data of the data segment. The datasegment token is substantially free from data of the data segment. Thetoken directive transmission module transmits the token directive to thestorage device.

In one embodiment, the token directive generation module generates botha token directive and a secure erase command in response to a request tooverwrite existing data on the storage device. The existing data isidentified on the storage device with the same data segment identifieras the data segment identifier in the token directive. The secure erasecommand directs the storage device to modify the existing data such thatthe existing data is non-recoverable. In the embodiment, the tokendirective module transmits the secure erase command. In a furtherembodiment, the apparatus includes an erase confirmation module thatreceives a confirmation that the existing data on the storage device hasbeen overwritten with characters such that the existing data isnon-recoverable.

In one embodiment, the token directive generation module generates botha token directive and an encryption key erase command in response to arequest to overwrite existing data on the storage device. The existingdata is identified on the storage device with the same data segmentidentifier as the data segment identifier in the token directive and theexisting data encrypted using an encryption key received in conjunctionwith storing the existing data on the storage device. In the embodiment,the encryption key erase command erases the encryption key used to storethe existing data so that the encryption key is non-recoverable.

In one embodiment, the token directive includes the data segment token.In another embodiment, the token directive is free from the data segmenttoken and includes a command for the storage device to generate the datasegment directive. In another embodiment, the token directive includesat least one instance of the repeated, identical character and/or oneinstance of the repeated, identical character string.

In one embodiment, the apparatus includes a read receiver module, a readrequest module, a read token directive receiver module, and a requestingclient response module. The read receiver module receives a storagerequest to read the data segment from the storage device. The storagerequest is received from a requesting client. The read requesttransmission module transmits the storage request to the storage device.The read token directive receiver module receives a messagecorresponding to the requested data segment token from the storagedevice, where the message includes at least the data segment identifierand the data segment length. The message is substantially free from dataof the data segment. The requesting client response module transmits aresponse to the requesting client formulated from the message receivedfrom the storage device.

In a further embodiment, the apparatus includes a data segmentregeneration module that reconstitutes data of the data segment usinginformation contained in the message, and the response sent to therequesting client includes the data segment. In a related embodiment,the response sent to the requesting client includes informationcontained in the message received from the storage device. In anotherembodiment, the message includes the data segment token.

In one embodiment, the series of repeated, identical characters orcharacter strings indicate that the data segment is empty. In anotherembodiment, the storage request with the token directive includes arequest to reserve storage space on the storage device. The requestedreserved storage space includes an amount of storage space substantiallysimilar to the data segment length.

Another apparatus is included to manage data that includes a readreceiver module, a read request transmission module, a read tokenreceiver module and a requesting client response module substantiallysimilar to those described above. In one embodiment, the apparatusincludes a data segment regeneration module that reconstitutes data ofthe data segment using the information contained in the message andwherein the response sent to the requesting client comprises the datasegment. In another embodiment, the response sent to the requestingclient comprises information contained in the message received from thestorage device.

A system of the present invention is also presented for managing data.The system includes a server in communication with a storage device anda client. The server includes a token directive generation module and atoken directive transmission module. The token directive generationmodule generates storage request with a token directive. The tokendirective includes a request to store on a storage device a data segmenttoken. The token directive substitutes for the data segment. The tokendirective includes at least a data segment identifier and a data segmentlength and the data segment token is substantially free from data of thedata segment. The token directive transmission module transmits thetoken directive to the storage device.

In one embodiment, the system includes a read receiver module, a readrequest transmission module, a read token directive receiver module, anda requesting client response module. The read receiver module receives astorage request to read the data segment from the storage device. Thestorage request is received from the client. The read requesttransmission module transmits the storage request to the storage device.The read token directive receiver module receives a messagecorresponding to the requested data segment token from the storagedevice. The message includes at least the data segment identifier andthe data segment length. The message is substantially free from data ofthe data segment. The requesting client response module transmits aresponse to the client formulated from the message received from thestorage device. In one embodiment, the requesting client executes on theserver, where the requesting client includes at least one of anapplication, a file server, and a client.

A method of the present invention is also presented for managing data.The method in the disclosed embodiments substantially includes the stepsnecessary to carry out the functions presented above with respect to theoperation of the described apparatus and system. In one embodiment, themethod includes generating a storage request with a token directive. Thetoken directive includes a request to store on a storage device a datasegment token. The token directive substitutes for the data segment andthe token directive includes at least a data segment identifier and adata segment length. The data segment token is substantially free fromdata of the data segment. The method includes transmitting the tokendirective to the storage device.

An alternate method for managing data includes receiving a storagerequest to read a data segment from a storage device, where the storagerequest is received from a requesting client. The method includestransmitting the storage request to the storage device. The methodincludes receiving a message corresponding to the requested data segmenttoken from the storage device. The message includes at least the datasegment identifier and the data segment length. The message issubstantially free from data of the data segment. The method includestransmitting a response to the requesting client formulated from themessage received from the storage device.

Reference throughout this specification to features, advantages, orsimilar language does not imply that all of the features and advantagesthat may be realized with the present invention should be or are in anysingle embodiment of the invention. Rather, language referring to thefeatures and advantages is understood to mean that a specific feature,advantage, or characteristic described in connection with an embodimentis included in at least one embodiment of the present invention. Thus,discussion of the features and advantages, and similar language,throughout this specification may, but do not necessarily, refer to thesame embodiment.

Furthermore, the described features, advantages, and characteristics ofthe invention may be combined in any suitable manner in one or moreembodiments. One skilled in the relevant art will recognize that theinvention may be practiced without one or more of the specific featuresor advantages of a particular embodiment. In other instances, additionalfeatures and advantages may be recognized in certain embodiments thatmay not be present in all embodiments of the invention.

These features and advantages of the present invention will become morefully apparent from the following description and appended claims, ormay be learned by the practice of the invention as set forthhereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the advantages of the invention will be readilyunderstood, a more particular description of the invention brieflydescribed above will be rendered by reference to specific embodimentsthat are illustrated in the appended drawings. Understanding that thesedrawings depict only typical embodiments of the invention and are nottherefore to be considered to be limiting of its scope, the inventionwill be described and explained with additional specificity and detailthrough the use of the accompanying drawings, in which:

FIG. 1A is a schematic block diagram illustrating one embodiment of asystem for data management in a solid-state storage device in accordancewith the present invention;

FIG. 1B is a schematic block diagram illustrating one embodiment of asystem for object management in a storage device in accordance with thepresent invention;

FIG. 2A is a schematic block diagram illustrating one embodiment of anapparatus for object management in a storage device in accordance withthe present invention;

FIG. 2B is a schematic block diagram illustrating one embodiment of asolid-state storage device controller in a solid-state storage device inaccordance with the present invention;

FIG. 3 is a schematic block diagram illustrating one embodiment of asolid-state storage controller with a write data pipeline and a readdata pipeline in a solid-state storage device in accordance with thepresent invention;

FIG. 4A is a schematic block diagram illustrating one embodiment of abank interleave controller in the solid-state storage controller inaccordance with the present invention;

FIG. 4B is a schematic block diagram illustrating an alternateembodiment of a bank interleave controller in the solid-state storagecontroller in accordance with the present invention;

FIG. 5 is a schematic flow chart diagram illustrating one embodiment ofa method for managing data in a solid-state storage device using a datapipeline in accordance with the present invention;

FIG. 6 is a schematic flow chart diagram illustrating another embodimentof a method for managing data in a solid-state storage device using adata pipeline in accordance with the present invention;

FIG. 7 is a schematic flow chart diagram illustrating an embodiment of amethod for managing data in a solid-state storage device using a bankinterleave in accordance with the present invention;

FIG. 8 is a schematic block diagram illustrating one embodiment of anapparatus for garbage collection in a solid-state storage device inaccordance with the present invention;

FIG. 9 is a schematic flow chart diagram illustrating one embodiment ofa method for garbage collection in a solid state storage device inaccordance with the present invention;

FIG. 10 is a schematic block diagram illustrating one embodiment of asystem with an apparatus for generating a token directive in accordancewith the present invention;

FIG. 11 is a schematic flow chart diagram illustrating an embodiment ofa method for generating and transmitting a token directive in accordancewith the present invention;

FIG. 12 is a schematic flow chart diagram illustrating an embodiment ofa method for reading a data segment token in accordance with the presentinvention;

FIG. 13 is a schematic block diagram illustrating one embodiment of asystem with an apparatus for managing a data segment token in accordancewith the present invention;

FIG. 14 is a schematic flow chart diagram illustrating an embodiment ofa method for storing a data segment token in accordance with the presentinvention; and

FIG. 15 is a schematic flow chart diagram illustrating an embodiment ofa method for reading a data segment token in accordance with the presentinvention.

DETAILED DESCRIPTION OF THE INVENTION

Many of the functional units described in this specification have beenlabeled as modules, in order to more particularly emphasize theirimplementation independence. For example, a module may be implemented asa hardware circuit comprising custom VLSI circuits or gate arrays,off-the-shelf semiconductors such as logic chips, transistors, or otherdiscrete components. A module may also be implemented in programmablehardware devices such as field programmable gate arrays, programmablearray logic, programmable logic devices or the like.

Modules may also be implemented in software for execution by varioustypes of processors. An identified module of executable code may, forinstance, comprise one or more physical or logical blocks of computerinstructions which may, for instance, be organized as an object,procedure, or function. Nevertheless, the executables of an identifiedmodule need not be physically located together, but may comprisedisparate instructions stored in different locations which, when joinedlogically together, comprise the module and achieve the stated purposefor the module.

Indeed, a module of executable code may be a single instruction, or manyinstructions, and may even be distributed over several different codesegments, among different programs, and across several memory devices.Similarly, operational data may be identified and illustrated hereinwithin modules, and may be embodied in any suitable form and organizedwithin any suitable type of data structure. The operational data may becollected as a single data set, or may be distributed over differentlocations including over different storage devices, and may exist, atleast partially, merely as electronic signals on a system or network.Where a module or portions of a module are implemented in software, thesoftware portions are stored on one or more computer readable media.

Reference throughout this specification to “one embodiment,” “anembodiment,” or similar language means that a particular feature,structure, or characteristic described in connection with the embodimentis included in at least one embodiment of the present invention. Thus,appearances of the phrases “in one embodiment,” “in an embodiment,” andsimilar language throughout this specification may, but do notnecessarily, all refer to the same embodiment.

Reference to a signal bearing medium may take any form capable ofgenerating a signal, causing a signal to be generated, or causingexecution of a program of machine-readable instructions on a digitalprocessing apparatus. A signal bearing medium may be embodied by atransmission line, a compact disk, digital-video disk, a magnetic tape,a Bernoulli drive, a magnetic disk, a punch card, flash memory,integrated circuits, or other digital processing apparatus memorydevice.

Furthermore, the described features, structures, or characteristics ofthe invention may be combined in any suitable manner in one or moreembodiments. In the following description, numerous specific details areprovided, such as examples of programming, software modules, userselections, network transactions, database queries, database structures,hardware modules, hardware circuits, hardware chips, etc., to provide athorough understanding of embodiments of the invention. One skilled inthe relevant art will recognize, however, that the invention may bepracticed without one or more of the specific details, or with othermethods, components, materials, and so forth. In other instances,well-known structures, materials, or operations are not shown ordescribed in detail to avoid obscuring aspects of the invention.

The schematic flow chart diagrams included herein are generally setforth as logical flow chart diagrams. As such, the depicted order andlabeled steps are indicative of one embodiment of the presented method.Other steps and methods may be conceived that are equivalent infunction, logic, or effect to one or more steps, or portions thereof, ofthe illustrated method. Additionally, the format and symbols employedare provided to explain the logical steps of the method and areunderstood not to limit the scope of the method. Although various arrowtypes and line types may be employed in the flow chart diagrams, theyare understood not to limit the scope of the corresponding method.Indeed, some arrows or other connectors may be used to indicate only thelogical flow of the method. For instance, an arrow may indicate awaiting or monitoring period of unspecified duration between enumeratedsteps of the depicted method. Additionally, the order in which aparticular method occurs may or may not strictly adhere to the order ofthe corresponding steps shown.

Solid-State Storage System

FIG. 1A is a schematic block diagram illustrating one embodiment of asystem 100 for data management in a solid-state storage device inaccordance with the present invention. The system 100 includes asolid-state storage device 102, a solid-state storage controller 104, awrite data pipeline 106, a read data pipeline 108, a solid-state storage110, a computer 112, a client 114, and a computer network 116, which aredescribed below.

The system 100 includes at least one solid-state storage device 102. Inanother embodiment, the system 100 includes two or more solid-statestorage devices 102. Each solid-state storage device 102 may includenon-volatile, solid-state storage 110, such as flash memory, nano randomaccess memory (“nano RAM or NRAM”), magneto-resistive RAM (“MRAM”),dynamic RAM (“DRAM”), phase change RAM (“PRAM”), etc. The solid-statestorage device 102 is described in more detail with respect to FIGS. 2and 3. The solid-state storage device 102 is depicted in a computer 112connected to a client 114 through a computer network 116. In oneembodiment, the solid-state storage device 102 is internal to thecomputer 112 and is connected using a system bus, such as a peripheralcomponent interconnect express (“PCI-e”) bus, a Serial AdvancedTechnology Attachment (“serial ATA”) bus, or the like. In anotherembodiment, the solid-state storage device 102 is external to thecomputer 112 and is connected, a universal serial bus (“USB”)connection, an Institute of Electrical and Electronics Engineers(“IEEE”) 1394 bus (“FireWire”), or the like. In other embodiments, thesolid-state storage device 102 is connected to the computer 112 using aperipheral component interconnect (“PCI”) express bus using externalelectrical or optical bus extension or bus networking solution such asInfiniband or PCI Express Advanced Switching (“PCIe-AS”), or the like.

In various embodiments, the solid-state storage device 102 may be in theform of a dual-inline memory module (“DIMM”), a daughter card, or amicro-module. In another embodiment, the solid-state storage device 102is an element within a rack-mounted blade. In another embodiment, thesolid state storage device 102 is contained within a package that isintegrated directly onto a higher level assembly (e.g. mother board, laptop, graphics processor). In another embodiment, individual componentscomprising the solid-state storage device 102 are integrated directlyonto a higher level assembly without intermediate packaging.

The solid-state storage device 102 includes one or more solid-statestorage controllers 104, each may include a write data pipeline 106 anda read data pipeline 108 and each includes a solid-state storage 110,which are described in more detail below with respect to FIGS. 2 and 3.

The system 100 includes one or more computers 112 connected to thesolid-state storage device 102. A computer 112 may be a host, a server,a storage controller of a storage area network (“SAN”), a workstation, apersonal computer, a laptop computer, a handheld computer, asupercomputer, a computer cluster, a network switch, router, orappliance, a database or storage appliance, a data acquisition or datacapture system, a diagnostic system, a test system, a robot, a portableelectronic device, a wireless device, or the like. In anotherembodiment, a computer 112 may be a client and the solid-state storagedevice 102 operates autonomously to service data requests sent from thecomputer 112. In this embodiment, the computer 112 and solid-statestorage device 102 may be connected using a computer network, systembus, or other communication means suitable for connection between acomputer 112 and an autonomous solid-state storage device 102.

In one embodiment, the system 100 includes one or more clients 114connected to one or more computer 112 through one or more computernetworks 116. A client 114 may be a host, a server, a storage controllerof a SAN, a workstation, a personal computer, a laptop computer, ahandheld computer, a supercomputer, a computer cluster, a networkswitch, router, or appliance, a database or storage appliance, a dataacquisition or data capture system, a diagnostic system, a test system,a robot, a portable electronic device, a wireless device, or the like.The computer network 116 may include the Internet, a wide area network(“WAN”), a metropolitan area network (“MAN”), a local area network(“LAN”), a token ring, a wireless network, a fiber channel network, aSAN, network attached storage (“NAS”), ESCON, or the like, or anycombination of networks. The computer network 116 may also include anetwork from the IEEE 802 family of network technologies, such Ethernet,token ring, WiFi, WiMax, and the like.

The computer network 116 may include servers, switches, routers,cabling, radios, and other equipment used to facilitate networkingcomputers 112 and clients 114. In one embodiment, the system 100includes multiple computers 112 that communicate as peers over acomputer network 116. In another embodiment, the system 100 includesmultiple solid-state storage devices 102 that communicate as peers overa computer network 116. One of skill in the art will recognize othercomputer networks 116 comprising one or more computer networks 116 andrelated equipment with single or redundant connection between one ormore clients 114 or other computer with one or more solid-state storagedevices 102 or one or more solid-state storage devices 102 connected toone or more computers 112. In one embodiment, the system 100 includestwo or more solid-state storage devices 102 connected through thecomputer network 116 to a client 114 without a computer 112.

Storage Controller-Managed Objects

FIG. 1B is a schematic block diagram illustrating one embodiment of asystem 101 for object management in a storage device in accordance withthe present invention. The system 101 includes one or more storagedevices 150, each with a storage controller 152 and one or more datastorage devices 154, and one or more requesting devices 155. The storagedevices 150 are networked together and coupled to one or more requestingdevices 155. The requesting device 155 sends object requests to astorage device 150 a. An object request may be a request to create anobject, a request to write data to an object, a request to read datafrom an object, a request to delete an object, a request to checkpointan object, a request to copy an object, and the like. One of skill inthe art will recognize other object requests.

In one embodiment, the storage controller 152 and data storage device154 are separate devices. In another embodiment, the storage controller152 and data storage device 154 are integrated into one storage device150. In another embodiment, a data storage device 154 is a solid-statestorage 110 and the storage controller 152 is a solid-state storagedevice controller 202. In other embodiments, a data storage device 154may be a hard disk drive, an optical drive, tape storage, or the like.In another embodiment, a storage device 150 may include two or more datastorage devices 154 of different types.

In one embodiment, the data storage device 154 is a solid-state storage110 and is arranged as an array of solid-state storage elements 216,218, 220. In another embodiment, the solid-state storage 110 is arrangedin two or more banks 214 a-n. Solid-state storage 110 is described inmore detail below with respect to FIG. 2B.

The storage devices 150 a-n may be networked together and act as adistributed storage device. The storage device 150 a coupled to therequesting device 155 controls object requests to the distributedstorage device. In one embodiment, the storage devices 150 andassociated storage controllers 152 manage objects and appear to therequesting device(s) 155 as a distributed object file system. In thiscontext, a parallel object file system is an example of a type ofdistributed object file system. In another embodiment, the storagedevices 150 and associated storage controllers 152 manage objects andappear to the requesting device(s) 155 as distributed object fileservers. In this context, a parallel object file server is an example ofa type of distributed object file server. In these and other embodimentsthe requesting device 155 may exclusively manage objects or participatein managing objects in conjunction with storage devices 150; thistypically does not limit the ability of storage devices 150 to fullymanage objects for other clients 114. In the degenerate case, eachdistributed storage device, distributed object file system anddistributed object file server can operate independently as a singledevice. The networked storage devices 150 a-n may operate as distributedstorage devices, distributed object file systems, distributed objectfile servers, and any combination thereof having images of one or moreof these capabilities configured for one or more requesting devices 155.For example, the storage devices 150 may be configured to operate asdistributed storage devices for a first requesting device 155 a, whileoperating as distributed storage devices and distributed object filesystems for requesting devices 155 b. Where the system 101 includes onestorage device 150 a, the storage controller 152 a of the storage device150 a manages objects may appear to the requesting device(s) 155 as anobject file system or an object file server.

In one embodiment where the storage devices 150 are networked togetheras a distributed storage device, the storage devices 150 serve as aredundant array of independent drives (“RAID”) managed by one or moredistributed storage controllers 152. For example, a request to write adata segment of an object results in the data segment being strippedacross the data storage devices 154 a-n with a parity stripe, dependingupon the RAID level. One benefit of such an arrangement is that such anobject management system may continue to be available when a singlestorage device 150 has a failure, whether of the storage controller 152,the data storage device 154, or other components of storage device 150.

When redundant networks are used to interconnect the storage devices 150and requesting devices 155, the object management system may continue tobe available in the presence of network failures as long as one of thenetworks remains operational. A system 101 with a single storage device150 a may also include multiple data storage devices 154 a and thestorage controller 152 a of the storage device 150 a may act as a RAIDcontroller and stripe the data segment across the data storage devices154 a of the storage device 150 a and may include a parity stripe,depending upon the RAID level.

In one embodiment, where the one or more storage devices 150 a-n aresolid-state storage devices 102 with a solid-state storage devicecontroller 202 and solid-state storage 110, the solid-state storagedevice(s) 102 may be configured in a DIMM configuration, daughter card,micro-module, etc. and reside in a computer 112. The computer 112 may bea server or similar device with the solid-state storage devices 102networked together and acting as distributed RAID controllers.Beneficially, the storage devices 102 may be connected using PCI-e,PCIe-AS, Infiniband or other high-performance bus, switched bus,networked bus, or network and may provide a very compact, highperformance RAID storage system with single or distributed solid-statestorage controllers 202 autonomously striping a data segment acrosssolid-state storage 110 a-n.

In one embodiment, the same network used by the requesting device 155 tocommunicate with storage devices 150 may be used by the peer storagedevice 150 a to communicate with peer storage devices 150 b-n toaccomplish RAID functionality. In another embodiment, a separate networkmay be used between the storage devices 150 for the purpose of RAIDing.In another embodiment, the requesting devices 155 may participate in theRAIDing process by sending redundant requests to the storage devices150. For example, requesting device 155 may send a first object writerequest to a first storage device 150 a and a second object writerequest with the same data segment to a second storage device 150 b toachieve simple mirroring.

With the ability for object handling within the storage device(s) 102,the storage controller(s) 152 uniquely have the ability to store onedata segment or object using one RAID level while another data segmentor object is stored using a different RAID level or without RAIDstriping. These multiple RAID groupings may be associated with multiplepartitions within the storage devices 150. RAID 0, RAID 1, RAID5, RAID6and composite RAID types 10, 50, 60, can be supported simultaneouslyacross a variety of RAID groups comprising data storage devices 154 a-n.One skilled in the art will recognize other RAID types andconfigurations that may also be simultaneously supported.

Also, because the storage controller(s) 152 operate autonomously as RAIDcontrollers, the RAID controllers can perform progressive RAIDing andcan transform objects or portions of objects striped across data storagedevices 154 with one RAID level to another RAID level without therequesting device 155 being affected, participating or even detectingthe change in RAID levels. In the preferred embodiment, progressing theRAID configuration from one level to another level may be accomplishedautonomously on an object or even a packet bases and is initiated by adistributed RAID control module operating in one of the storage devices150 or the storage controllers 152. Typically, RAID progression will befrom a higher performance and lower efficiency storage configurationsuch as RAID1 to a lower performance and higher storage efficiencyconfiguration such as RAID5 where the transformation is dynamicallyinitiated based on the frequency of access. But, one can see thatprogressing the configuration from RAID5 to RAID1 is also possible.Other processes for initiating RAID progression may be configured orrequested from clients or external agents such a storage systemmanagement server request. One of skill in the art will recognize otherfeatures and benefits of a storage device 102 with a storage controller152 that autonomously manages objects.

Apparatus for Storage Controller-Managed Objects

FIG. 2A is a schematic block diagram illustrating one embodiment of anapparatus 200 for object management in a storage device in accordancewith the present invention. The apparatus 200 includes a storagecontroller 152 with an object request receiver module 260, a parsingmodule 262, a command execution module 264, an object index module 266,an object request queuing module 268, a packetizer 302 with a messagesmodule 270, and an object index reconstruction module 272, which aredescribed below.

The storage controller 152 is substantially similar to the storagecontroller 152 described in relation to the system 101 of FIG. 1B andmay be a solid-state storage device controller 202 described in relationto FIG. 2. The apparatus 200 includes an object request receiver module260 that receives an object request from one or more requesting devices155. For example, for a store object data request, the storagecontroller 152 stores the data segment as a data packet in a datastorage device 154 coupled to the storage controller 152. The objectrequest is typically directed at a data segment stored or to be storedin one or more object data packets for an object managed by the storagecontroller 152. The object request may request that the storagecontroller 152 create an object to be later filled with data throughlater object request which may utilize a local or remote direct memoryaccess (“DMA,” “RDMA”) transfer.

In one embodiment, the object request is a write request to write all orpart of an object to a previously created object. In one example, thewrite request is for a data segment of an object. The other datasegments of the object may be written to the storage device 150 or toother storage devices. In another example, the write request is for anentire object. In another example, the object request is to read datafrom a data segment managed by the storage controller 152. In yetanother embodiment, the object request is a delete request to delete adata segment or object.

Advantageously, the storage controller 152 can accept write requeststhat do more than write a new object or append data to an existingobject. For example, a write request received by the object requestreceiver module 260 may include a request to add data ahead of datastored by the storage controller 152, to insert data into the storeddata, or to replace a segment of data. The object index maintained bythe storage controller 152 provides the flexibility required for thesecomplex write operations that is not available in other storagecontrollers, but is currently available only outside of storagecontrollers in file systems of servers and other computers.

The apparatus 200 includes a parsing module 262 that parses the objectrequest into one or more commands. Typically, the parsing module 262parses the object request into one or more buffers. For example, one ormore commands in the object request may be parsed into a command buffer.Typically the parsing module 262 prepares an object request so that theinformation in the object request can be understood and executed by thestorage controller 152. One of skill in the art will recognize otherfunctions of a parsing module 262 that parses an object request into oneor more commands.

The apparatus 200 includes a command execution module 264 that executesthe command(s) parsed from the object request. In one embodiment, thecommand execution module 264 executes one command. In anotherembodiment, the command execution module 264 executes multiple commands.Typically, the command execution module 264 interprets a command parsedfrom the object request, such as a write command, and then creates,queues, and executes subcommands. For example, a write command parsedfrom an object request may direct the storage controller 152 to storemultiple data segments. The object request may also include requiredattributes such as encryption, compression, etc. The command executionmodule 264 may direct the storage controller 152 to compress the datasegments, encrypt the data segments, create one or more data packets andassociated headers for each data packet, encrypt the data packets with amedia encryption key, add error correcting code, and store the datapackets a specific location. Storing the data packets at a specificlocation and other subcommands may also be broken down into other lowerlevel subcommands. One of skill in the art will recognize other waysthat the command execution module 264 can execute one or more commandsparsed from an object request.

The apparatus 200 includes an object index module 266 that creates anobject entry in an object index in response to the storage controller152 creating an object or storing the data segment of the object.Typically, the storage controller 152 creates a data packet from thedata segment and the location of where the data packet is stored isassigned at the time the data segment is stored. Object metadatareceived with a data segment or as part of an object request may bestored in a similar way.

The object index module 266 creates an object entry into an object indexat the time the data packet is stored and the physical address of thedata packet is assigned. The object entry includes a mapping between alogical identifier of the object and one or more physical addressescorresponding to where the storage controller 152 stored one or moredata packets and any object metadata packets. In another embodiment, theentry in the object index is created before the data packets of theobject are stored. For example, if the storage controller 152 determinesa physical address of where the data packets are to be stored earlier,the object index module 266 may create the entry in the object indexearlier.

Typically, when an object request or group of object requests results inan object or data segment being modified, possibly during aread-modify-write operation, the object index module 266 updates anentry in the object index corresponding the modified object. In oneembodiment, the object index creates a new object and a new entry in theobject index for the modified object. Typically, where only a portion ofan object is modified, the object includes modified data packets andsome data packets that remain unchanged. In this case, the new entryincludes a mapping to the unchanged data packets as where they wereoriginally written and to the modified objects written to a newlocation.

In another embodiment, where the object request receiver module 260receives an object request that includes a command that erases a datablock or other object elements, the storage controller 152 may store atleast one packet such as an erase packet that includes informationincluding a reference to the object, relationship to the object, and thesize of the data block erased. Additionally, it may further indicatethat the erased object elements are filled with zeros. Thus, the eraseobject request can be used to emulate actual memory or storage that iserased and actually has a portion of the appropriate memory/storageactually stored with zeros in the cells of the memory/storage.

Beneficially, creating an object index with entries indicating mappingbetween data segments and metadata of an object allows the storagecontroller 152 to autonomously handle and manage objects. Thiscapability allows a great amount of flexibility for storing data in thestorage device 150. Once the index entry for the object is created,subsequent object requests regarding the object can be servicedefficiently by the storage controller 152.

In one embodiment, the storage controller 152 includes an object requestqueuing module 268 that queues one or more object requests received bythe object request receiver module 260 prior to parsing by the parsingmodule 262. The object request queuing module 268 allows flexibilitybetween when an object request is received and when it is executed.

In another embodiment, the storage controller 152 includes a packetizer302 that creates one or more data packets from the one or more datasegments where the data packets are sized for storage in the datastorage device 154. The packetizer 302 is described below in more detailwith respect to FIG. 3. The packetizer 302 includes, in one embodiment,a messages module 270 that creates a header for each packet. The headerincludes a packet identifier and a packet length. The packet identifierrelates the packet to the object for which the packet was formed.

In one embodiment, each packet includes a packet identifier that isself-contained in that the packet identifier contains adequateinformation to identify the object and relationship within the object ofthe object elements contained within the packet. However, a moreefficient preferred embodiment is to store packets in containers.

A container is a data construct that facilitates more efficient storageof packets and helps establish relationships between an object and datapackets, metadata packets, and other packets related to the object thatare stored within the container. Note that the storage controller 152typically treats object metadata received as part of an object and datasegments in a similar manner. Typically “packet” may refer to a datapacket comprising data, a metadata packet comprising metadata, oranother packet of another packet type. An object may be stored in one ormore containers and a container typically includes packets for no morethan one unique object. An object may be distributed between multiplecontainers. Typically a container is stored within a single logicalerase block (storage division) and is typically never split betweenlogical erase blocks.

A container, in one example, may be split between two or morelogical/virtual pages. A container is identified by a container labelthat associates that container with an object. A container may containzero to many packets and the packets within a container are typicallyfrom one object. A packet may be of many object element types, includingobject attribute elements, object data elements, object index elements,and the like. Hybrid packets may be created that include more than oneobject element type. Each packet may contain zero to many elements ofthe same element type. Each packet within a container typically containsa unique identifier that identifies the relationship to the object.

Each packet is associated with one container. In a preferred embodiment,containers are limited to an erase block so that at or near thebeginning of each erase block a container packet can be found. Thishelps limit data loss to an erase block with a corrupted packet header.In this embodiment, if the object index is unavailable and a packetheader within the erase block is corrupted, the contents from thecorrupted packet header to the end of the erase block may be lostbecause there is possibly no reliable mechanism to determine thelocation of subsequent packets. In another embodiment, a more reliableapproach is to have a container limited to a page boundary. Thisembodiment requires more header overhead. In another embodiment,containers can flow across page and erase block boundaries. Thisrequires less header overhead but a larger portion of data may be lostif a packet header is corrupted. For these several embodiments it isexpected that some type of RAID is used to further ensure dataintegrity.

In one embodiment, the apparatus 200 includes an object indexreconstruction module 272 that that reconstructs the entries in theobject index using information from packet headers stored in the datastorage device 154. In one embodiment, the object index reconstructionmodule 272 reconstructs the entries of the object index by readingheaders to determine the object to which each packet belongs andsequence information to determine where in the object the data ormetadata belongs. The object index reconstruction module 272 usesphysical address information for each packet and timestamp or sequenceinformation to create a mapping between the physical locations of thepackets and the object identifier and data segment sequence. Timestampor sequence information is used by the object index reconstructionmodule 272 to replay the sequence of changes made to the index andthereby typically reestablish the most recent state.

In another embodiment, the object index reconstruction module 272locates packets using packet header information along with containerpacket information to identify physical locations of the packets, objectidentifier, and sequence number of each packet to reconstruct entries inthe object index. In one embodiment, erase blocks are time stamped orgiven a sequence number as packets are written and the timestamp orsequence information of an erase block is used along with informationgathered from container headers and packet headers to reconstruct theobject index. In another embodiment, timestamp or sequence informationis written to an erase block when the erase block is recovered.

Where the object index is stored in volatile memory, an error, loss ofpower, or other problem causing the storage controller 152 to shut downwithout saving the object index could be a problem if the object indexcannot be reconstructed. The object index reconstruction module 272allows the object index to be stored in volatile memory allowing theadvantages of volatile memory, such as fast access. The object indexreconstruction module 272 allows quick reconstruction of the objectindex autonomously without dependence on a device external to thestorage device 150.

In one embodiment, the object index in volatile memory is storedperiodically in a data storage device 154. In a particular example, theobject index, or “index metadata,” is stored periodically in asolid-state storage 110. In another embodiment, the index metadata isstored in a solid-state storage 110 n separate from solid-state storage110 a-110 n-1 storing packets. The index metadata is managedindependently from data and object metadata transmitted from arequesting device 155 and managed by the storage controller152/solid-state storage device controller 202. Managing and storingindex metadata separate from other data and metadata from an objectallows efficient data flow without the storage controller152/solid-state storage device controller 202 unnecessarily processingobject metadata.

In one embodiment, where an object request received by the objectrequest receiver module 260 includes a write request, the storagecontroller 152 receives one or more data segments of an object frommemory of a requesting device 155 as a local or remote direct memoryaccess (“DMA,” “RDMA”) operation. In a preferred example, the storagecontroller 152 pulls data from the memory of the requesting device 155in one or more DMA or RDMA operations. In another example, therequesting device 155 pushes the data segment(s) to the storagecontroller 152 in one or more DMA or RDMA operations. In anotherembodiment, where the object request includes a read request, thestorage controller 152 transmits one or more data segments of an objectto the memory of the requesting device 155 in one or more DMA or RDMAoperations. In a preferred example, the storage controller 152 pushesdata to the memory of the requesting device 155 in one or more DMA orRDMA operations. In another example, the requesting device 155 pullsdata from the storage controller 152 in one or more DMA or RDMAoperations. In another example, the storage controller 152 pulls objectcommand request sets from the memory of the requesting device 155 in oneor more DMA or RDMA operations. In another example, the requestingdevice 155 pushes object command request sets to the storage controller152 in one or more DMA or RDMA operations.

In one embodiment, the storage controller 152 emulates block storage andan object communicated between the requesting device 155 and the storagecontroller 152 comprises one or more data blocks. In one embodiment, therequesting device 155 includes a driver so that the storage device 150appears as a block storage device. For example, the requesting device155 may send a block of data of a certain size along with a physicaladdress of where the requesting device 155 wants the data block stored.The storage controller 152 receives the data block and uses the physicalblock address transmitted with the data block or a transformation of thephysical block address as an object identifier. The storage controller152 then stores the data block as an object or data segment of an objectby packetizing the data block and storing the data block at will. Theobject index module 266 then creates an entry in the object index usingthe physical block-based object identifier and the actual physicallocation where the storage controller 152 stored the data packetscomprising the data from the data block.

In another embodiment, the storage controller 152 emulates block storageby accepting block objects. A block object may include one or more datablocks in a block structure. In one embodiment, the storage controller152 treats the block object as any other object. In another embodiment,an object may represent an entire block device, partition of a blockdevice, or some other logical or physical sub-element of a block deviceincluding a track, sector, channel, and the like. Of particular note isthe ability to remap a block device RAID group to an object supporting adifferent RAID construction such as progressive RAID. One skilled in theart will recognize other mappings of traditional or future block devicesto objects.

Solid-State Storage Device

FIG. 2B is a schematic block diagram illustrating one embodiment 201 ofa solid-state storage device controller 202 that includes a write datapipeline 106 and a read data pipeline 108 in a solid-state storagedevice 102 in accordance with the present invention. The solid-statestorage device controller 202 may include a number of solid-statestorage controllers 0-N 104 a-n, each controlling solid-state storage110. In the depicted embodiment, two solid-state controllers are shown:solid-state controller 0 104 a and solid-state storage controller N 104n, and each controls solid-state storage 110 a-n. In the depictedembodiment, solid-state storage controller 0 104 a controls a datachannel so that the attached solid-state storage 110 a stores data.Solid-state storage controller N 104 n controls an index metadatachannel associated with the stored data and the associated solid-statestorage 110 n stores index metadata. In an alternate embodiment, thesolid-state storage device controller 202 includes a single solid-statecontroller 104 a with a single solid-state storage 110 a. In anotherembodiment, there are a plurality of solid-state storage controllers 104a-n and associated solid-state storage 110 a-n. In one embodiment, oneor more solid state controllers 104 a-104 n-1, coupled to theirassociated solid-state storage 110 a-110 n-1, control data while atleast one solid-state storage controller 104 n, coupled to itsassociated solid-state storage 110 n, controls index metadata.

In one embodiment, at least one solid-state controller 104 isfield-programmable gate array (“FPGA”) and controller functions areprogrammed into the FPGA. In a particular embodiment, the FPGA is aXilinx® FPGA. In another embodiment, the solid-state storage controller104 comprises components specifically designed as a solid-state storagecontroller 104, such as an application-specific integrated circuit(“ASIC”) or custom logic solution. Each solid-state storage controller104 typically includes a write data pipeline 106 and a read datapipeline 108, which are describe further in relation to FIG. 3. Inanother embodiment, at least one solid-state storage controller 104 ismade up of a combination FPGA, ASIC, and custom logic components.

Solid-State Storage

The solid state storage 110 is an array of non-volatile solid-statestorage elements 216, 218, 220, arranged in banks 214, and accessed inparallel through a bi-directional storage input/output (“I/O”) bus 210.The storage I/O bus 210, in one embodiment, is capable of unidirectionalcommunication at any one time. For example, when data is being writtento the solid-state storage 110, data cannot be read from the solid-statestorage 110. In another embodiment, data can flow both directionssimultaneously. However bi-directional, as used herein with respect to adata bus, refers to a data pathway that can have data flowing in onlyone direction at a time, but when data flowing one direction on thebi-directional data bus is stopped, data can flow in the oppositedirection on the bi-directional data bus.

A solid-state storage element (e.g. SSS 0.0 216 a) is typicallyconfigured as a chip (a package of one or more dies) or a die on acircuit board. As depicted, a solid-state storage element (e.g. 216 a)operates independently or semi-independently of other solid-statestorage elements (e.g. 218 a) even if these several elements arepackaged together in a chip package, a stack of chip packages, or someother package element. As depicted, a column of solid-state storageelements 216, 218, 220 is designated as a bank 214. As depicted, theremay be “n” banks 214 a-n and “m” solid-state storage elements 216 a-m,218 a-m, 220 a-m per bank in an array of n×m solid-state storageelements 216, 218, 220 in a solid-state storage 110. In one embodiment,a solid-state storage 110 a includes twenty solid-state storage elements216, 218, 220 per bank 214 with eight banks 214 and a solid-statestorage 110 n includes 2 solid-state storage elements 216, 218 per bank214 with one bank 214. In one embodiment, each solid-state storageelement 216, 218, 220 is comprised of a single-level cell (“SLC”)devices. In another embodiment, each solid-state storage element 216,218, 220 is comprised of multi-level cell (“MLC”) devices.

In one embodiment, solid-state storage elements for multiple banks thatshare a common storage I/O bus 210 a row (e.g. 216 b, 218 b, 220 b) arepackaged together. In one embodiment, a solid-state storage element 216,218, 220 may have one or more dies per chip with one or more chipsstacked vertically and each die may be accessed independently. Inanother embodiment, a solid-state storage element (e.g. SSS 0.0 216 a)may have one or more virtual dies per die and one or more dies per chipand one or more chips stacked vertically and each virtual die may beaccessed independently. In another embodiment, a solid-state storageelement SSS 0.0 216 a may have one or more virtual dies per die and oneor more dies per chip with some or all of the one or more dies stackedvertically and each virtual die may be accessed independently.

In one embodiment, two dies are stacked vertically with four stacks pergroup to form eight storage elements (e.g. SSS 0.0-SSS 0.8) 216 a-220 a,each in a separate bank 214 a-n. In another embodiment, 20 storageelements (e.g. SSS 0.0-SSS 20.0) 216 form a virtual bank 214 a so thateach of the eight virtual banks has 20 storage elements (e.g. SSS0.0-SSS20.8) 216, 218,220. Data is sent to the solid-state storage 110 over thestorage I/O bus 210 to all storage elements of a particular group ofstorage elements (SSS 0.0-SSS 0.8) 216 a, 218 a, 220 a. The storagecontrol bus 212 a is used to select a particular bank (e.g. Bank-0 214a) so that the data received over the storage I/O bus 210 connected toall banks 214 is written just to the selected bank 214 a.

In a preferred embodiment, the storage I/O bus 210 is comprised of oneor more independent I/O buses (“IIOBa-m” comprising 210 a.a-m, 210n.a-m) wherein the solid-state storage elements within each row shareone of the independent I/O buses accesses each solid-state storageelement 216, 218, 220 in parallel so that all banks 214 are accessedsimultaneously. For example, one channel of the storage I/O bus 210 mayaccess a first solid-state storage element 216 a, 218 a, 220 a of eachbank 214 a-n simultaneously. A second channel of the storage I/O bus 210may access a second solid-state storage element 216 b, 218 b, 220 b ofeach bank 214 a-n simultaneously. Each row of solid-state storageelement 216, 218, 220 is accessed simultaneously. In one embodiment,where solid-state storage elements 216, 218, 220 are multi-level(physically stacked), all physical levels of the solid-state storageelements 216, 218, 220 are accessed simultaneously. As used herein,“simultaneously” also includes near simultaneous access where devicesare accessed at slightly different intervals to avoid switching noise.Simultaneously is used in this context to be distinguished from asequential or serial access wherein commands and/or data are sentindividually one after the other.

Typically, banks 214 a-n are independently selected using the storagecontrol bus 212. In one embodiment, a bank 214 is selected using a chipenable or chip select. Where both chip select and chip enable areavailable, the storage control bus 212 may select one level of amulti-level solid-state storage element 216, 218, 220. In otherembodiments, other commands are used by the storage control bus 212 toindividually select one level of a multi-level solid-state storageelement 216, 218, 220. Solid-state storage elements 216, 218, 220 mayalso be selected through a combination of control and of addressinformation transmitted on storage I/O bus 210 and the storage controlbus 212.

In one embodiment, each solid-state storage element 216, 218, 220 ispartitioned into erase blocks and each erase block is partitioned intopages. A typical page is 2000 bytes (“2 kB”). In one example, asolid-state storage element (e.g. SSS0.0) includes two registers and canprogram two pages so that a two-register solid-state storage element216, 218, 220 has a capacity of 4 kB. A bank 214 of 20 solid-statestorage elements 216, 218, 220 would then have an 80 kB capacity ofpages accessed with the same address going out the channels of thestorage I/O bus 210.

This group of pages in a bank 214 of solid-state storage elements 216,218, 220 of 80 kB may be called a virtual page. Similarly, an eraseblock of each storage element 216 a-m of a bank 214 a may be grouped toform a virtual erase block. In a preferred embodiment, an erase block ofpages within a solid-state storage element 216, 218, 220 is erased whenan erase command is received within a solid-state storage element 216,218, 220. Whereas the size and number of erase blocks, pages, planes, orother logical and physical divisions within a solid-state storageelement 216, 218, 220 are expected to change over time with advancementsin technology, it is to be expected that many embodiments consistentwith new configurations are possible and are consistent with the generaldescription herein.

Typically, when a packet is written to a particular location within asolid-state storage element 216, 218, 220, wherein the packet isintended to be written to a location within a particular page which isspecific to a of a particular erase block of a particular element of aparticular bank, a physical address is sent on the storage I/O bus 210and followed by the packet. The physical address contains enoughinformation for the solid-state storage element 216, 218, 220 to directthe packet to the designated location within the page. Since all storageelements in a row of storage elements (e.g. SSS 0.0-SSS 0.N 216 a, 218a, 220 a) are accessed simultaneously by the appropriate bus within thestorage I/O bus 210 a.a, to reach the proper page and to avoid writingthe data packet to similarly addressed pages in the row of storageelements (SSS 0.0-SSS 0.N 216 a, 218 a, 220 a), the bank 214 a thatincludes the solid-state storage element SSS 0.0 216 a with the correctpage where the data packet is to be written is simultaneously selectedby the storage control bus 212.

Similarly, a read command traveling on the storage I/O bus 210 requiresa simultaneous command on the storage control bus 212 to select a singlebank 214 a and the appropriate page within that bank 214 a. In apreferred embodiment, a read command reads an entire page, and becausethere are multiple solid-state storage elements 216, 218, 220 inparallel in a bank 214, an entire virtual page is read with a readcommand. However, the read command may be broken into subcommands, aswill be explained below with respect to bank interleave. A virtual pagemay also be accessed in a write operation.

An erase block erase command may be sent out to erase an erase blockover the storage I/O bus 210 with a particular erase block address toerase a particular erase block. Typically, an erase block erase commandmay be sent over the parallel paths of the storage I/O bus 210 to erasea virtual erase block, each with a particular erase block address toerase a particular erase block. Simultaneously a particular bank (e.g.bank-0 214 a) is selected over the storage control bus 212 to preventerasure of similarly addressed erase blocks in all of the banks (banks1-N 214 b-n). Other commands may also be sent to a particular locationusing a combination of the storage I/O bus 210 and the storage controlbus 212. One of skill in the art will recognize other ways to select aparticular storage location using the bi-directional storage I/O bus 210and the storage control bus 212.

In one embodiment, packets are written sequentially to the solid-statestorage 110. For example, packets are streamed to the storage writebuffers of a bank 214 a of storage elements 216 and when the buffers arefull, the packets are programmed to a designated virtual page. Packetsthen refill the storage write buffers and, when full, the packets arewritten to the next virtual page. The next virtual page may be in thesame bank 214 a or another bank (e.g. 214 b). This process continues,virtual page after virtual page, typically until a virtual erase blockis filled. In another embodiment, the streaming may continue acrossvirtual erase block boundaries with the process continuing, virtualerase block after virtual erase block.

In a read, modify, write operation, data packets associated with theobject are located and read in a read operation. Data segments of themodified object that have been modified are not written to the locationfrom which they are read. Instead, the modified data segments are againconverted to data packets and then written to the next availablelocation in the virtual page currently being written. The object indexentries for the respective data packets are modified to point to thepackets that contain the modified data segments. The entry or entries inthe object index for data packets associated with the same object thathave not been modified will include pointers to original location of theunmodified data packets. Thus, if the original object is maintained, forexample to maintain a previous version of the object, the originalobject will have pointers in the object index to all data packets asoriginally written. The new object will have pointers in the objectindex to some of the original data packets and pointers to the modifieddata packets in the virtual page that is currently being written.

In a copy operation, the object index includes an entry for the originalobject mapped to a number of packets stored in the solid-state storage110. When a copy is made, a new object is created and a new entry iscreated in the object index mapping the new object to the originalpackets. The new object is also written to the solid-state storage 110with its location mapped to the new entry in the object index. The newobject packets may be used to identify the packets within the originalobject that are referenced in case changes have been made in theoriginal object that have not been propagated to the copy and the objectindex is lost or corrupted.

Beneficially, sequentially writing packets facilitates a more even useof the solid-state storage 110 and allows the solid-storage devicecontroller 202 to monitor storage hot spots and level usage of thevarious virtual pages in the solid-state storage 110. Sequentiallywriting packets also facilitates a powerful, efficient garbagecollection system, which is described in detail below. One of skill inthe art will recognize other benefits of sequential storage of datapackets.

Solid-State Storage Device Controller

In various embodiments, the solid-state storage device controller 202also includes a data bus 204, a local bus 206, a buffer controller 208,buffers 0-N 222 a-n, a master controller 224, a direct memory access(“DMA”) controller 226, a memory controller 228, a dynamic memory array230, a static random memory array 232, a management controller 234, amanagement bus 236, a bridge 238 to a system bus 240, and miscellaneouslogic 242, which are described below. In other embodiments, the systembus 240 is coupled to one or more network interface cards (“NICs”) 244,some of which may include remote DMA (“RDMA”) controllers 246, one ormore central processing unit (“CPU”) 248, one or more external memorycontrollers 250 and associated external memory arrays 252, one or morestorage controllers 254, peer controllers 256, and application specificprocessors 258, which are described below. The components 244-258connected to the system bus 240 may be located in the computer 112 ormay be other devices.

Typically the solid-state storage controller(s) 104 communicate data tothe solid-state storage 110 over a storage I/O bus 210. In a typicalembodiment where the solid-state storage is arranged in banks 214 andeach bank 214 includes multiple storage elements 216, 218, 220 accessedin parallel, the storage I/O bus 210 is an array of busses, one for eachrow of storage elements 216, 218, 220 spanning the banks 214. As usedherein, the term “storage I/O bus” may refer to one storage I/O bus 210or an array of data independent busses 204. In a preferred embodiment,each storage I/O bus 210 accessing a row of storage elements (e.g. 216a, 218 a, 220 a) may include a logical-to-physical mapping for storagedivisions (e.g. erase blocks) accessed in a row of storage elements 216a, 218 a, 220 a. This mapping allows a logical address mapped to aphysical address of a storage division to be remapped to a differentstorage division if the first storage division fails, partially fails,is inaccessible, or has some other problem. Remapping is explainedfurther in relation to the remapping module 430 of FIGS. 4A and 4B.

Data may also be communicated to the solid-state storage controller(s)104 from a requesting device 155 through the system bus 240, bridge 238,local bus 206, buffer(s) 222, and finally over a data bus 204. The databus 204 typically is connected to one or more buffers 222 a-n controlledwith a buffer controller 208. The buffer controller 208 typicallycontrols transfer of data from the local bus 206 to the buffers 222 andthrough the data bus 204 to the pipeline input buffer 306 and outputbuffer 330. The buffer controller 208 typically controls how dataarriving from a requesting device 155 can be temporarily stored in abuffer 222 and then transferred onto a data bus 204, or vice versa, toaccount for different clock domains, to prevent data collisions, etc.The buffer controller 208 typically works in conjunction with the mastercontroller 224 to coordinate data flow. As data arrives, the data willarrive on the system bus 240, be transferred to the local bus 206through a bridge 238.

Typically the data is transferred from the local bus 206 to one or moredata buffers 222 as directed by the master controller 224 and the buffercontroller 208. The data then flows out of the buffer(s) 222 to the databus 204, through a solid-state controller 104, and on to the solid-statestorage 110 such as NAND flash or other storage media. In a preferredembodiment, data and associated out-of-band metadata (“object metadata”)arriving with the data is communicated using one or more data channelscomprising one or more solid-state storage controllers 104 a-104 n-1 andassociated solid-state storage 110 a-110 n-1 while at least one channel(solid-state storage controller 104 n, solid-state storage 110 n) isdedicated to in-band metadata, such as index information and othermetadata generated internally to the solid-state storage device 102.

The local bus 206 is typically a bidirectional bus or set of busses thatallows for communication of data and commands between devices internalto the solid-state storage device controller 202 and between devicesinternal to the solid-state storage device 102 and devices 244-258connected to the system bus 240. The bridge 238 facilitatescommunication between the local bus 206 and system bus 240. One of skillin the art will recognize other embodiments such as ring structures orswitched star configurations and functions of buses 240, 206, 204, 210and bridges 238.

The system bus 240 is typically a bus of a computer 112 or other devicein which the solid-state storage device 102 is installed or connected.In one embodiment, the system bus 240 may be a PCI-e bus, a SerialAdvanced Technology Attachment (“serial ATA”) bus, parallel ATA, or thelike. In another embodiment, the system bus 240 is an external bus suchas small computer system interface (“SCSr”), FireWire, Fiber Channel,USB, PCIe-AS, or the like. The solid-state storage device 102 may bepackaged to fit internally to a device or as an externally connecteddevice.

The solid-state storage device controller 202 includes a mastercontroller 224 that controls higher-level functions within thesolid-state storage device 102. The master controller 224, in variousembodiments, controls data flow by interpreting object requests andother requests, directs creation of indexes to map object identifiersassociated with data to physical locations of associated data,coordinating DMA requests, etc. Many of the functions described hereinare controlled wholly or in part by the master controller 224.

In one embodiment, the master controller 224 uses embeddedcontroller(s). In another embodiment, the master controller 224 useslocal memory such as a dynamic memory array 230 (dynamic random accessmemory “DRAM”), a static memory array 232 (static random access memory“SRAM”), etc. In one embodiment, the local memory is controlled usingthe master controller 224. In another embodiment, the master controller224 accesses the local memory via a memory controller 228. In anotherembodiment, the master controller 224 runs a Linux server and maysupport various common server interfaces, such as the World Wide Web,hyper-text markup language (“HTML”), etc. In another embodiment, themaster controller 224 uses a nano-processor. The master controller 224may be constructed using programmable or standard logic, or anycombination of controller types listed above. One skilled in the artwill recognize many embodiments for the master controller 224.

In one embodiment, where the storage controller 152/solid-state storagedevice controller 202 manages multiple data storage devices/solid-statestorage 110 a-n, the master controller 224 divides the work load amonginternal controllers, such as the solid-state storage controllers 104a-n. For example, the master controller 224 may divide an object to bewritten to the data storage devices (e.g. solid-state storage 110 a-n)so that a portion of the object is stored on each of the attached datastorage devices. This feature is a performance enhancement allowingquicker storage and access to an object. In one embodiment, the mastercontroller 224 is implemented using an FPGA. In another embodiment, thefirmware within the master controller 224 may be updated through themanagement bus 236, the system bus 240 over a network connected to a NIC244 or other device connected to the system bus 240.

In one embodiment, the master controller 224, which manages objects,emulates block storage such that a computer 112 or other deviceconnected to the storage device/solid-state storage device 102 views thestorage device/solid-state storage device 102 as a block storage deviceand sends data to specific physical addresses in the storagedevice/solid-state storage device 102. The master controller 224 thendivides up the blocks and stores the data blocks as it would objects.The master controller 224 then maps the blocks and physical address sentwith the block to the actual locations determined by the mastercontroller 224. The mapping is stored in the object index. Typically,for block emulation, a block device application program interface(“API”) is provided in a driver in the computer 112, client 114, orother device wishing to use the storage device/solid-state storagedevice 102 as a block storage device.

In another embodiment, the master controller 224 coordinates with NICcontrollers 244 and embedded RDMA controllers 246 to deliverjust-in-time RDMA transfers of data and command sets. NIC controller 244may be hidden behind a non-transparent port to enable the use of customdrivers. Also, a driver on a client 114 may have access to the computernetwork 116 through an I/O memory driver using a standard stack API andoperating in conjunction with NICs 244.

In one embodiment, the master controller 224 is also a redundant arrayof independent drive (“RAID”) controller. Where the data storagedevice/solid-state storage device 102 is networked with one or moreother data storage devices/solid-state storage devices 102, the mastercontroller 224 may be a RAID controller for single tier RAID, multi-tierRAID, progressive RAID, etc. The master controller 224 also allows someobjects to be stored in a RAID array and other objects to be storedwithout RAID. In another embodiment, the master controller 224 may be adistributed RAID controller element. In another embodiment, the mastercontroller 224 may comprise many RAID, distributed RAID, and otherfunctions as described elsewhere.

In one embodiment, the master controller 224 coordinates with single orredundant network managers (e.g. switches) to establish routing, tobalance bandwidth utilization, failover, etc. In another embodiment, themaster controller 224 coordinates with integrated application specificlogic (via local bus 206) and associated driver software. In anotherembodiment, the master controller 224 coordinates with attachedapplication specific processors 258 or logic (via the external systembus 240) and associated driver software. In another embodiment, themaster controller 224 coordinates with remote application specific logic(via the computer network 116) and associated driver software. Inanother embodiment, the master controller 224 coordinates with the localbus 206 or external bus attached hard disk drive (“HDD”) storagecontroller.

In one embodiment, the master controller 224 communicates with one ormore storage controllers 254 where the storage device/solid-statestorage device 102 may appear as a storage device connected through aSCSI bus, Internet SCSI (“iSCSI”), fiber channel, etc. Meanwhile thestorage device/solid-state storage device 102 may autonomously manageobjects and may appear as an object file system or distributed objectfile system. The master controller 224 may also be accessed by peercontrollers 256 and/or application specific processors 258.

In another embodiment, the master controller 224 coordinates with anautonomous integrated management controller to periodically validateFPGA code and/or controller software, validate FPGA code while running(reset) and/or validate controller software during power on (reset),support external reset requests, support reset requests due to watchdogtimeouts, and support voltage, current, power, temperature, and otherenvironmental measurements and setting of threshold interrupts. Inanother embodiment, the master controller 224 manages garbage collectionto free erase blocks for reuse. In another embodiment, the mastercontroller 224 manages wear leveling. In another embodiment, the mastercontroller 224 allows the data storage device/solid-state storage device102 to be partitioned into multiple virtual devices and allowspartition-based media encryption. In yet another embodiment, the mastercontroller 224 supports a solid-state storage controller 104 withadvanced, multi-bit ECC correction. One of skill in the art willrecognize other features and functions of a master controller 224 in astorage controller 152, or more specifically in a solid-state storagedevice 102.

In one embodiment, the solid-state storage device controller 202includes a memory controller 228 which controls a dynamic random memoryarray 230 and/or a static random memory array 232. As stated above, thememory controller 228 may be independent or integrated with the mastercontroller 224. The memory controller 228 typically controls volatilememory of some type, such as DRAM (dynamic random memory array 230) andSRAM (static random memory array 232). In other examples, the memorycontroller 228 also controls other memory types such as electricallyerasable programmable read only memory (“EEPROM”), etc. In otherembodiments, the memory controller 228 controls two or more memory typesand the memory controller 228 may include more than one controller.Typically, the memory controller 228 controls as much SRAM 232 as isfeasible and by DRAM 230 to supplement the SRAM 232.

In one embodiment, the object index is stored in memory 230, 232 andthen periodically off-loaded to a channel of the solid-state storage 110n or other non-volatile memory. One of skill in the art will recognizeother uses and configurations of the memory controller 228, dynamicmemory array 230, and static memory array 232.

In one embodiment, the solid-state storage device controller 202includes a DMA controller 226 that controls DMA operations between thestorage device/solid-state storage device 102 and one or more externalmemory controllers 250 and associated external memory arrays 252 andCPUs 248. Note that the external memory controllers 250 and externalmemory arrays 252 are called external because they are external to thestorage device/solid-state storage device 102. In addition the DMAcontroller 226 may also control RDMA operations with requesting devicesthrough a NIC 244 and associated RDMA controller 246. DMA and RDMA areexplained in more detail below.

In one embodiment, the solid-state storage device controller 202includes a management controller 234 connected to a management bus 236.Typically the management controller 234 manages environmental metricsand status of the storage device/solid-state storage device 102. Themanagement controller 234 may monitor device temperature, fan speed,power supply settings, etc. over the management bus 236. The managementcontroller 234 may support the reading and programming of erasableprogrammable read only memory (“EEPROM”) for storage of FPGA code andcontroller software. Typically the management bus 236 is connected tothe various components within the storage device/solid-state storagedevice 102. The management controller 234 may communicate alerts,interrupts, etc. over the local bus 206 or may include a separateconnection to a system bus 240 or other bus. In one embodiment themanagement bus 236 is an Inter-Integrated Circuit (“I²C”) bus. One ofskill in the art will recognize other related functions and uses of amanagement controller 234 connected to components of the storagedevice/solid-state storage device 102 by a management bus 236.

In one embodiment, the solid-state storage device controller 202includes miscellaneous logic 242 that may be customized for a specificapplication. Typically where the solid-state device controller 202 ormaster controller 224 is/are configured using a FPGA or otherconfigurable controller, custom logic may be included based on aparticular application, customer requirement, storage requirement, etc.

Data Pipeline

FIG. 3 is a schematic block diagram illustrating one embodiment 300 of asolid-state storage controller 104 with a write data pipeline 106 and aread data pipeline 108 in a solid-state storage device 102 in accordancewith the present invention. The embodiment 300 includes a data bus 204,a local bus 206, and buffer control 208, which are substantially similarto those described in relation to the solid-state storage devicecontroller 202 of FIG. 2. The write data pipeline 106 includes apacketizer 302 and an error-correcting code (“ECC”) generator 304. Inother embodiments, the write data pipeline 106 includes an input buffer306, a write synchronization buffer 308, a write program module 310, acompression module 312, an encryption module 314, a garbage collectorbypass 316 (with a portion within the read data pipeline 108), a mediaencryption module 318, and a write buffer 320. The read data pipeline108 includes a read synchronization buffer 328, an ECC correction module322, a depacketizer 324, an alignment module 326, and an output buffer330. In other embodiments, the read data pipeline 108 may include amedia decryption module 332, a portion of the garbage collector bypass316, a decryption module 334, a decompression module 336, and a readprogram module 338. The solid-state storage controller 104 may alsoinclude control and status registers 340 and control queues 342, a bankinterleave controller 344, a synchronization buffer 346, a storage buscontroller 348, and a multiplexer (“MUX”) 350. The components of thesolid-state controller 104 and associated write data pipeline 106 andread data pipeline 108 are described below. In other embodiments,synchronous solid-state storage 110 may be used and synchronizationbuffers 308 328 may be eliminated.

Write Data Pipeline

The write data pipeline 106 includes a packetizer 302 that receives adata or metadata segment to be written to the solid-state storage,either directly or indirectly through another write data pipeline 106stage, and creates one or more packets sized for the solid-state storage110. The data or metadata segment is typically part of an object, butmay also include an entire object. In another embodiment, the datasegment is part of a block of data, but may also include an entire blockof data. Typically, an object is received from a computer 112, client114, or other computer or device and is transmitted to the solid-statestorage device 102 in data segments streamed to the solid-state storagedevice 102 or computer 112. A data segment may also be known by anothername, such as data parcel, but as referenced herein includes all or aportion of an object or data block.

Each object is stored as one or more packets. Each object may have oneor more container packets. Each packet contains a header. The header mayinclude a header type field. Type fields may include data, objectattribute, metadata, data segment delimiters (multi-packet), objectstructures, object linkages, and the like. The header may also includeinformation regarding the size of the packet, such as the number ofbytes of data included in the packet. The length of the packet may beestablished by the packet type. The header may include information thatestablishes the relationship of the packet to the object. An examplemight be the use of an offset in a data packet header to identify thelocation of the data segment within the object. One of skill in the artwill recognize other information that may be included in a header addedto data by a packetizer 302 and other information that may be added to adata packet.

Each packet includes a header and possibly data from the data ormetadata segment. The header of each packet includes pertinentinformation to relate the packet to the object to which the packetbelongs. For example, the header may include an object identifier andoffset that indicates the data segment, object, or data block from whichthe data packet was formed. The header may also include a logicaladdress used by the storage bus controller 348 to store the packet. Theheader may also include information regarding the size of the packet,such as the number of bytes included in the packet. The header may alsoinclude a sequence number that identifies where the data segment belongswith respect to other packets within the object when reconstructing thedata segment or object. The header may include a header type field. Typefields may include data, object attributes, metadata, data segmentdelimiters (multi-packet), object structures, object linkages, and thelike. One of skill in the art will recognize other information that maybe included in a header added to data or metadata by a packetizer 302and other information that may be added to a packet.

The write data pipeline 106 includes an ECC generator 304 that generatesone or more error-correcting codes (“ECC”) for the one or more packetsreceived from the packetizer 302. The ECC generator 304 typically usesan error correcting algorithm to generate ECC which is stored with thepacket. The ECC stored with the packet is typically used to detect andcorrect errors introduced into the data through transmission andstorage. In one embodiment, packets are streamed into the ECC generator304 as un-encoded blocks of length N. A syndrome of length S iscalculated, appended and output as an encoded block of length N+S. Thevalue of N and S are dependent upon the characteristics of the algorithmwhich is selected to achieve specific performance, efficiency, androbustness metrics. In the preferred embodiment, there is no fixedrelationship between the ECC blocks and the packets; the packet maycomprise more than one ECC block; the ECC block may comprise more thanone packet; and a first packet may end anywhere within the ECC block anda second packet may begin after the end of the first packet within thesame ECC block. In the preferred embodiment, ECC algorithms are notdynamically modified. In a preferred embodiment, the ECC stored with thedata packets is robust enough to correct errors in more than two bits.

Beneficially, using a robust ECC algorithm allowing more than single bitcorrection or even double bit correction allows the life of thesolid-state storage 110 to be extended. For example, if flash memory isused as the storage medium in the solid-state storage 110, the flashmemory may be written approximately 100,000 times without error pererase cycle. This usage limit may be extended using a robust ECCalgorithm. Having the ECC generator 304 and corresponding ECC correctionmodule 322 onboard the solid-state storage device 102, the solid-statestorage device 102 can internally correct errors and has a longer usefullife than if a less robust ECC algorithm is used, such as single bitcorrection. However, in other embodiments the ECC generator 304 may usea less robust algorithm and may correct single-bit or double-bit errors.In another embodiment, the solid-state storage device 110 may compriseless reliable storage such as multi-level cell (“MLC”) flash in order toincrease capacity, which storage may not be sufficiently reliablewithout more robust ECC algorithms.

In one embodiment, the write pipeline 106 includes an input buffer 306that receives a data segment to be written to the solid-state storage110 and stores the incoming data segments until the next stage of thewrite data pipeline 106, such as the packetizer 302 (or other stage fora more complex write data pipeline 106) is ready to process the nextdata segment. The input buffer 306 typically allows for discrepanciesbetween the rate data segments are received and processed by the writedata pipeline 106 using an appropriately sized data buffer. The inputbuffer 306 also allows the data bus 204 to transfer data to the writedata pipeline 106 at rates greater than can be sustained by the writedata pipeline 106 in order to improve efficiency of operation of thedata bus 204. Typically when the write data pipeline 106 does notinclude an input buffer 306, a buffering function is performedelsewhere, such as in the solid-state storage device 102 but outside thewrite data pipeline 106, in the computer 112, such as within a networkinterface card (“NIC”), or at another device, for example when usingremote direct memory access (“RDMA”).

In another embodiment, the write data pipeline 106 also includes a writesynchronization buffer 308 that buffers packets received from the ECCgenerator 304 prior to writing the packets to the solid-state storage110. The write synch buffer 308 is located at a boundary between a localclock domain and a solid-state storage clock domain and providesbuffering to account for the clock domain differences. In otherembodiments, synchronous solid-state storage 110 may be used andsynchronization buffers 308 328 may be eliminated.

In one embodiment, the write data pipeline 106 also includes a mediaencryption module 318 that receives the one or more packets from thepacketizer 302, either directly or indirectly, and encrypts the one ormore packets using an encryption key unique to the solid-state storagedevice 102 prior to sending the packets to the ECC generator 304.Typically, the entire packet is encrypted, including the headers. Inanother embodiment, headers are not encrypted. In this document,encryption key is understood to mean a secret encryption key that ismanaged externally from an embodiment that integrates the solid-statestorage 110 and where the embodiment requires encryption protection. Themedia encryption module 318 and corresponding media decryption module332 provide a level of security for data stored in the solid-statestorage 110. For example, where data is encrypted with the mediaencryption module 318, if the solid-state storage 110 is connected to adifferent solid-state storage controller 104, solid-state storage device102, or computer 112, the contents of the solid-state storage 110typically could not be read without use of the same encryption key usedduring the write of the data to the solid-state storage 110 withoutsignificant effort.

In a typical embodiment, the solid-state storage device 102 does notstore the encryption key in non-volatile storage and allows no externalaccess to the encryption key. The encryption key is provided to thesolid-state storage controller 104 during initialization. The solid-satestorage device 102 may use and store a non-secret cryptographic noncethat is used in conjunction with an encryption key. A different noncemay be stored with every packet. Data segments may be split betweenmultiple packets with unique nonces for the purpose of improvingprotection by the encryption algorithm. The encryption key may bereceived from a client 114, a computer 112, key manager, or other devicethat manages the encryption key to be used by the solid-state storagecontroller 104. In another embodiment, the solid-state storage 110 mayhave two or more partitions and the solid-state storage controller 104behaves as though it were two or more solid-state storage controllers104, each operating on a single partition within the solid-state storage110. In this embodiment, a unique media encryption key may be used witheach partition.

In another embodiment, the write data pipeline 106 also includes anencryption module 314 that encrypts a data or metadata segment receivedfrom the input buffer 306, either directly or indirectly, prior sendingthe data segment to the packetizer 302, the data segment encrypted usingan encryption key received in conjunction with the data segment. Theencryption module 314 differs from the media encryption module 318 inthat the encryption keys used by the encryption module 314 to encryptdata may not be common to all data stored within the solid-state storagedevice 102 but may vary on an object basis and received in conjunctionwith receiving data segments as described below. For example, anencryption key for a data segment to be encrypted by the encryptionmodule 314 may be received with the data segment or may be received aspart of a command to write an object to which the data segment belongs.The solid-sate storage device 102 may use and store a non-secretcryptographic nonce in each object packet that is used in conjunctionwith the encryption key. A different nonce may be stored with everypacket. Data segments may be split between multiple packets with uniquenonces for the purpose of improving protection by the encryptionalgorithm. In one embodiment, the nonce used by the media encryptionmodule 318 is the same as that used by the encryption module 314.

The encryption key may be received from a client 114, a computer 112,key manager, or other device that holds the encryption key to be used toencrypt the data segment. In one embodiment, encryption keys aretransferred to the solid-state storage controller 104 from one of asolid-state storage device 102, computer 112, client 114, or otherexternal agent which has the ability to execute industry standardmethods to securely transfer and protect private and public keys.

In one embodiment, the encryption module 314 encrypts a first packetwith a first encryption key received in conjunction with the packet andencrypts a second packet with a second encryption key received inconjunction with the second packet. In another embodiment, theencryption module 314 encrypts a first packet with a first encryptionkey received in conjunction with the packet and passes a second datapacket on to the next stage without encryption. Beneficially, theencryption module 314 included in the write data pipeline 106 of thesolid-state storage device 102 allows object-by-object orsegment-by-segment data encryption without a single file system or otherexternal system to keep track of the different encryption keys used tostore corresponding objects or data segments. Each requesting device 155or related key manager independently manages encryption keys used toencrypt only the objects or data segments sent by the requesting device155.

In another embodiment, the write data pipeline 106 includes acompression module 312 that compresses the data for metadata segmentprior to sending the data segment to the packetizer 302. The compressionmodule 312 typically compresses a data or metadata segment using acompression routine known to those of skill in the art to reduce thestorage size of the segment. For example, if a data segment includes astring of 512 zeros, the compression module 312 may replace the 512zeros with code or token indicating the 512 zeros where the code is muchmore compact than the space taken by the 512 zeros.

In one embodiment, the compression module 312 compresses a first segmentwith a first compression routine and passes along a second segmentwithout compression. In another embodiment, the compression module 312compresses a first segment with a first compression routine andcompresses the second segment with a second compression routine. Havingthis flexibility within the solid-state storage device 102 is beneficialso that clients 114 or other devices writing data to the solid-statestorage device 102 may each specify a compression routine or so that onecan specify a compression routine while another specifies nocompression. Selection of compression routines may also be selectedaccording to default settings on a per object type or object classbasis. For example, a first object of a specific object may be able tooverride default compression routine settings and a second object of thesame object class and object type may use the default compressionroutine and a third object of the same object class and object type mayuse no compression.

In one embodiment, the write data pipeline 106 includes a garbagecollector bypass 316 that receives data segments from the read datapipeline 108 as part of a data bypass in a garbage collection system. Agarbage collection system typically marks packets that are no longervalid, typically because the packet is marked for deletion or has beenmodified and the modified data is stored in a different location. Atsome point, the garbage collection system determines that a particularsection of storage may be recovered. This determination may be due to alack of available storage capacity, the percentage of data marked asinvalid reaching a threshold, a consolidation of valid data, an errordetection rate for that section of storage reaching a threshold, orimproving performance based on data distribution, etc. Numerous factorsmay be considered by a garbage collection algorithm to determine when asection of storage is to be recovered.

Once a section of storage has been marked for recovery, valid packets inthe section typically must be relocated. The garbage collector bypass316 allows packets to be read into the read data pipeline 108 and thentransferred directly to the write data pipeline 106 without being routedout of the solid-state storage controller 104. In a preferredembodiment, the garbage collector bypass 316 is part of an autonomousgarbage collector system that operates within the solid-state storagedevice 102. This allows the solid-state storage device 102 to managedata so that data is systematically spread throughout the solid-statestorage 110 to improve performance, data reliability and to avoidoveruse and underuse of any one location or area of the solid-statestorage 110 and to lengthen the useful life of the solid-state storage110.

The garbage collector bypass 316 coordinates insertion of segments intothe write data pipeline 106 with other segments being written by clients114 or other devices. In the depicted embodiment, the garbage collectorbypass 316 is before the packetizer 302 in the write data pipeline 106and after the depacketizer 324 in the read data pipeline 108, but mayalso be located elsewhere in the read and write data pipelines 106, 108.The garbage collector bypass 316 may be used during a flush of the writepipeline 106 to fill the remainder of the virtual page in order toimprove the efficiency of storage within the Solid-State Storage 110 andthereby reduce the frequency of garbage collection.

In one embodiment, the write data pipeline 106 includes a write buffer320 that buffers data for efficient write operations. Typically, thewrite buffer 320 includes enough capacity for packets to fill at leastone virtual page in the solid-state storage 110. This allows a writeoperation to send an entire page of data to the solid-state storage 110without interruption. By sizing the write buffer 320 of the write datapipeline 106 and buffers within the read data pipeline 108 to be thesame capacity or larger than a storage write buffer within thesolid-state storage 110, writing and reading data is more efficientsince a single write command may be crafted to send a full virtual pageof data to the solid-state storage 110 instead of multiple commands.

While the write buffer 320 is being filled, the solid-state storage 110may be used for other read operations. This is advantageous becauseother solid-state devices with a smaller write buffer or no write buffermay tie up the solid-state storage when data is written to a storagewrite buffer and data flowing into the storage write buffer stalls. Readoperations will be blocked until the entire storage write buffer isfilled and programmed. Another approach for systems without a writebuffer or a small write buffer is to flush the storage write buffer thatis not full in order to enable reads. Again this is inefficient becausemultiple write/program cycles are required to fill a page.

For depicted embodiment with a write buffer 320 sized larger than avirtual page, a single write command, which includes numeroussubcommands, can then be followed by a single program command totransfer the page of data from the storage write buffer in eachsolid-state storage element 216, 218, 220 to the designated page withineach solid-state storage element 216, 218, 220. This technique has thebenefits of eliminating partial page programming, which is known toreduce data reliability and durability and freeing up the destinationbank for reads and other commands while the buffer fills.

In one embodiment, the write buffer 320 is a ping-pong buffer where oneside of the buffer is filled and then designated for transfer at anappropriate time while the other side of the ping-pong buffer is beingfilled. In another embodiment, the write buffer 320 includes a first-infirst-out (“FIFO”) register with a capacity of more than a virtual pageof data segments. One of skill in the art will recognize other writebuffer 320 configurations that allow a virtual page of data to be storedprior to writing the data to the solid-state storage 110.

In another embodiment, the write buffer 320 is sized smaller than avirtual page so that less than a page of information could be written toa storage write buffer in the solid-state storage 110. In theembodiment, to prevent a stall in the write data pipeline 106 fromholding up read operations, data is queued using the garbage collectionsystem that needs to be moved from one location to another as part ofthe garbage collection process. In case of a data stall in the writedata pipeline 106, the data can be fed through the garbage collectorbypass 316 to the write buffer 320 and then on to the storage writebuffer in the solid-state storage 110 to fill the pages of a virtualpage prior to programming the data. In this way a data stall in thewrite data pipeline 106 would not stall reading from the solid-statestorage device 102.

In another embodiment, the write data pipeline 106 includes a writeprogram module 310 with one or more user-definable functions within thewrite data pipeline 106. The write program module 310 allows a user tocustomize the write data pipeline 106. A user may customize the writedata pipeline 106 based on a particular data requirement or application.Where the solid-state storage controller 104 is an FPGA, the user mayprogram the write data pipeline 106 with custom commands and functionsrelatively easily. A user may also use the write program module 310 toinclude custom functions with an ASIC, however, customizing an ASIC maybe more difficult than with an FPGA. The write program module 310 mayinclude buffers and bypass mechanisms to allow a first data segment toexecute in the write program module 310 while a second data segment maycontinue through the write data pipeline 106. In another embodiment, thewrite program module 310 may include a processor core that can beprogrammed through software.

Note that the write program module 310 is shown between the input buffer306 and the compression module 312, however, the write program module310 could be anywhere in the write data pipeline 106 and may bedistributed among the various stages 302-320. In addition, there may bemultiple write program modules 310 distributed among the various states302-320 that are programmed and operate independently. In addition, theorder of the stages 302-320 may be altered. One of skill in the art willrecognize workable alterations to the order of the stages 302-320 basedon particular user requirements.

Read Data Pipeline

The read data pipeline 108 includes an ECC correction module 322 thatdetermines if a data error exists in ECC blocks a requested packetreceived from the solid-state storage 110 by using ECC stored with eachECC block of the requested packet. The ECC correction module 322 thencorrects any errors in the requested packet if any error exists and theerrors are correctable using the ECC. For example, if the ECC can detectan error in six bits but can only correct three bit errors, the ECCcorrection module 322 corrects ECC blocks of the requested packet withup to three bits in error. The ECC correction module 322 corrects thebits in error by changing the bits in error to the correct one or zerostate so that the requested data packet is identical to when it waswritten to the solid-state storage 110 and the ECC was generated for thepacket.

If the ECC correction module 322 determines that the requested packetscontains more bits in error than the ECC can correct, the ECC correctionmodule 322 cannot correct the errors in the corrupted ECC blocks of therequested packet and sends an interrupt. In one embodiment, the ECCcorrection module 322 sends an interrupt with a message indicating thatthe requested packet is in error. The message may include informationthat the ECC correction module 322 cannot correct the errors or theinability of the ECC correction module 322 to correct the errors may beimplied. In another embodiment, the ECC correction module 322 sends thecorrupted ECC blocks of the requested packet with the interrupt and/orthe message.

In the preferred embodiment, a corrupted ECC block or portion of acorrupted ECC block of the requested packet that cannot be corrected bythe ECC correction module 322 is read by the master controller 224,corrected, and returned to the ECC correction module 322 for furtherprocessing by the read data pipeline 108. In one embodiment, a corruptedECC block or portion of a corrupted ECC block of the requested packet issent to the device requesting the data. The requesting device 155 maycorrect the ECC block or replace the data using another copy, such as abackup or mirror copy, and then may use the replacement data of therequested data packet or return it to the read data pipeline 108. Therequesting device 155 may use header information in the requested packetin error to identify data required to replace the corrupted requestedpacket or to replace the object to which the packet belongs. In anotherpreferred embodiment, the solid-state storage controller 104 stores datausing some type of RAID and is able to recover the corrupted data. Inanother embodiment, the ECC correction module 322 sends and interruptand/or message and the receiving device fails the read operationassociated with the requested data packet. One of skill in the art willrecognize other options and actions to be taken as a result of the ECCcorrection module 322 determining that one or more ECC blocks of therequested packet are corrupted and that the ECC correction module 322cannot correct the errors.

The read data pipeline 108 includes a depacketizer 324 that receives ECCblocks of the requested packet from the ECC correction module 322,directly or indirectly, and checks and removes one or more packetheaders. The depacketizer 324 may validate the packet headers bychecking packet identifiers, data length, data location, etc. within theheaders. In one embodiment, the header includes a hash code that can beused to validate that the packet delivered to the read data pipeline 108is the requested packet. The depacketizer 324 also removes the headersfrom the requested packet added by the packetizer 302. The depacketizer324 may directed to not operate on certain packets but pass theseforward without modification. An example might be a container label thatis requested during the course of a rebuild process where the headerinformation is required by the object index reconstruction module 272.Further examples include the transfer of packets of various typesdestined for use within the solid-state storage device 102. In anotherembodiment, the depacketizer 324 operation may be packet type dependent.

The read data pipeline 108 includes an alignment module 326 thatreceives data from the depacketizer 324 and removes unwanted data. Inone embodiment, a read command sent to the solid-state storage 110retrieves a packet of data. A device requesting the data may not requireall data within the retrieved packet and the alignment module 326removes the unwanted data. If all data within a retrieved page isrequested data, the alignment module 326 does not remove any data.

The alignment module 326 re-formats the data as data segments of anobject in a form compatible with a device requesting the data segmentprior to forwarding the data segment to the next stage. Typically, asdata is processed by the read data pipeline 108, the size of datasegments or packets changes at various stages. The alignment module 326uses received data to format the data into data segments suitable to besent to the requesting device 155 and joined to form a response. Forexample, data from a portion of a first data packet may be combined withdata from a portion of a second data packet. If a data segment is largerthan a data requested by the requesting device 155, the alignment module326 may discard the unwanted data.

In one embodiment, the read data pipeline 108 includes a readsynchronization buffer 328 that buffers one or more requested packetsread from the solid-state storage 110 prior to processing by the readdata pipeline 108. The read synchronization buffer 328 is at theboundary between the solid-state storage clock domain and the local busclock domain and provides buffering to account for the clock domaindifferences.

In another embodiment, the read data pipeline 108 includes an outputbuffer 330 that receives requested packets from the alignment module 326and stores the packets prior to transmission to the requesting device155. The output buffer 330 accounts for differences between when datasegments are received from stages of the read data pipeline 108 and whenthe data segments are transmitted to other parts of the solid-statestorage controller 104 or to the requesting device 155. The outputbuffer 330 also allows the data bus 204 to receive data from the readdata pipeline 108 at rates greater than can be sustained by the readdata pipeline 108 in order to improve efficiency of operation of thedata bus 204.

In one embodiment, the read data pipeline 108 includes a mediadecryption module 332 that receives one or more encrypted requestedpackets from the ECC correction module 322 and decrypts the one or morerequested packets using the encryption key unique to the solid-statestorage device 102 prior to sending the one or more requested packets tothe depacketizer 324. Typically the encryption key used to decrypt databy the media decryption module 332 is identical to the encryption keyused by the media encryption module 318. In another embodiment, thesolid-state storage 110 may have two or more partitions and thesolid-state storage controller 104 behaves as though it were two or moresolid-state storage controllers 104 each operating on a single partitionwithin the solid-state storage 110. In this embodiment, a unique mediaencryption key may be used with each partition.

In another embodiment, the read data pipeline 108 includes a decryptionmodule 334 that decrypts a data segment formatted by the depacketizer324 prior to sending the data segment to the output buffer 330. The datasegment decrypted using an encryption key received in conjunction withthe read request that initiates retrieval of the requested packetreceived by the read synchronization buffer 328. The decryption module334 may decrypt a first packet with an encryption key received inconjunction with the read request for the first packet and then maydecrypt a second packet with a different encryption key or may pass thesecond packet on to the next stage of the read data pipeline 108 withoutdecryption.

Typically, the decryption module 334 uses a different encryption key todecrypt a data segment than the media decryption module 332 uses todecrypt requested packets. When the packet was stored with a non-secretcryptographic nonce, the nonce is used in conjunction with an encryptionkey to decrypt the data packet. The encryption key may be received froma client 114, a computer 112, key manager, or other device that managesthe encryption key to be used by the solid-state storage controller 104.

In another embodiment, the read data pipeline 108 includes adecompression module 336 that decompresses a data segment formatted bythe depacketizer 324. In the preferred embodiment, the decompressionmodule 336 uses compression information stored in one or both of thepacket header and the container label to select a complementary routineto that used to compress the data by the compression module 312. Inanother embodiment, the decompression routine used by the decompressionmodule 336 is dictated by the device requesting the data segment beingdecompressed. In another embodiment, the decompression module 336selects a decompression routine according to default settings on a perobject type or object class basis. A first packet of a first object maybe able to override a default decompression routine and a second packetof a second object of the same object class and object type may use thedefault decompression routine and a third packet of a third object ofthe same object class and object type may use no decompression.

In another embodiment, the read data pipeline 108 includes a readprogram module 338 that includes one or more user-definable functionswithin the read data pipeline 108. The read program module 338 hassimilar characteristics to the write program module 310 and allows auser to provide custom functions to the read data pipeline 108. The readprogram module 338 may be located as shown in FIG. 3, may be located inanother position within the read data pipeline 108, or may includemultiple parts in multiple locations within the read data pipeline 108.Additionally, there may be multiple read program modules 338 withinmultiple locations within the read data pipeline 108 that operateindependently. One of skill in the art will recognize other forms of aread program module 338 within a read data pipeline 108. As with thewrite data pipeline 106, the stages of the read data pipeline 108 may berearranged and one of skill in the art will recognize other orders ofstages within the read data pipeline 108.

The solid-state storage controller 104 includes control and statusregisters 340 and corresponding control queues 342. The control andstatus registers 340 and control queues 342 facilitate control andsequencing commands and subcommands associated with data processed inthe write and read data pipelines 106, 108. For example, a data segmentin the packetizer 302 may have one or more corresponding controlcommands or instructions in a control queue 342 associated with the ECCgenerator 304. As the data segment is packetized, some of theinstructions or commands may be executed within the packetizer 302.Other commands or instructions may be passed to the next control queue342 through the control and status registers 340 as the newly formeddata packet created from the data segment is passed to the next stage.

Commands or instructions may be simultaneously loaded into the controlqueues 342 for a packet being forwarded to the write data pipeline 106with each pipeline stage pulling the appropriate command or instructionas the respective packet is executed by that stage. Similarly, commandsor instructions may be simultaneously loaded into the control queues 342for a packet being requested from the read data pipeline 108 with eachpipeline stage pulling the appropriate command or instruction as therespective packet is executed by that stage. One of skill in the artwill recognize other features and functions of control and statusregisters 340 and control queues 342.

The solid-state storage controller 104 and or solid-state storage device102 may also include a bank interleave controller 344, a synchronizationbuffer 346, a storage bus controller 348, and a multiplexer (“MUX”) 350,which are described in relation to FIGS. 4A and 4B.

Bank Interleave

FIG. 4A is a schematic block diagram illustrating one embodiment 400 ofa bank interleave controller 344 in the solid-state storage controller104 in accordance with the present invention. The bank interleavecontroller 344 is connected to the control and status registers 340 andto the storage I/O bus 210 and storage control bus 212 through the MUX350, storage bus controller 348, and synchronization buffer 346, whichare described below. The bank interleave controller 344 includes a readagent 402, a write agent 404, an erase agent 406, a management agent408, read queues 410 a-n, write queues 412 a-n, erase queues 414 a-n,and management queues 416 a-n for the banks 214 in the solid-statestorage 110, bank controllers 418 a-n, a bus arbiter 420, and a statusMUX 422, which are described below. The storage bus controller 348includes a mapping module 424 with a remapping module 430, a statuscapture module 426, and a NAND bus controller 428, which are describedbelow.

The bank interleave controller 344 directs one or more commands to twoor more queues in the bank interleave controller 344 and coordinatesamong the banks 214 of the solid-state storage 110 execution of thecommands stored in the queues, such that a command of a first typeexecutes on one bank 214 a while a command of a second type executes ona second bank 214 b. The one or more commands are separated by commandtype into the queues. Each bank 214 of the solid-state storage 110 has acorresponding set of queues within the bank interleave controller 344and each set of queues includes a queue for each command type.

The bank interleave controller 344 coordinates among the banks 214 ofthe solid-state storage 110 execution of the commands stored in thequeues. For example, a command of a first type executes on one bank 214a while a command of a second type executes on a second bank 214 b.Typically the command types and queue types include read and writecommands and queues 410, 412, but may also include other commands andqueues that are storage media specific. For example, in the embodimentdepicted in FIG. 4A, erase and management queues 414, 416 are includedand would be appropriate for flash memory, NRAM, MRAM, DRAM, PRAM, etc.

For other types of solid-state storage 110, other types of commands andcorresponding queues may be included without straying from the scope ofthe invention. The flexible nature of an FPGA solid-state storagecontroller 104 allows flexibility in storage media. If flash memory werechanged to another solid-state storage type, the bank interleavecontroller 344, storage bus controller 348, and MUX 350 could be alteredto accommodate the media type without significantly affecting the datapipelines 106, 108 and other solid-state storage controller 104functions.

In the embodiment depicted in FIG. 4A, the bank interleave controller344 includes, for each bank 214, a read queue 410 for reading data fromthe solid-state storage 110, a write queue 412 for write commands to thesolid-state storage 110, an erase queue 414 for erasing an erase blockin the solid-state storage, an a management queue 416 for managementcommands. The bank interleave controller 344 also includes correspondingread, write, erase, and management agents 402, 404, 406, 408. In anotherembodiment, the control and status registers 340 and control queues 342or similar components queue commands for data sent to the banks 214 ofthe solid-state storage 110 without a bank interleave controller 344.

The agents 402, 404, 406, 408, in one embodiment, direct commands of theappropriate type destined for a particular bank 214 a to the correctqueue for the bank 214 a. For example, the read agent 402 may receive aread command for bank-1 214 b and directs the read command to the bank-1read queue 410 b. The write agent 404 may receive a write command towrite data to a location in bank-0 214 a of the solid-state storage 110and will then send the write command to the bank-0 write queue 412 a.Similarly, the erase agent 406 may receive an erase command to erase anerase block in bank-1 214 b and will then pass the erase command to thebank-1 erase queue 414 b. The management agent 408 typically receivesmanagement commands, status requests, and the like, such as a resetcommand or a request to read a configuration register of a bank 214,such as bank-0 214 a. The management agent 408 sends the managementcommand to the bank-0 management queue 416 a.

The agents 402, 404, 406, 408 typically also monitor status of thequeues 410, 412, 414, 416 and send status, interrupt, or other messageswhen the queues 410, 412, 414, 416 are full, nearly full,non-functional, etc. In one embodiment, the agents 402, 404, 406, 408receive commands and generate corresponding sub-commands. In oneembodiment, the agents 402, 404, 406, 408 receive commands through thecontrol & status registers 340 and generate corresponding sub-commandswhich are forwarded to the queues 410, 412, 414, 416. One of skill inthe art will recognize other functions of the agents 402, 404, 406, 408.

The queues 410, 412, 414, 416 typically receive commands and store thecommands until required to be sent to the solid-state storage banks 214.In a typical embodiment, the queues 410, 412, 414, 416 are first-in,first-out (“FIFO”) registers or a similar component that operates as aFIFO. In another embodiment, the queues 410, 412, 414, 416 storecommands in an order that matches data, order of importance, or othercriteria.

The bank controllers 418 typically receive commands from the queues 410,412, 414, 416 and generate appropriate subcommands. For example, thebank-0 write queue 412 a may receive a command to write a page of datapackets to bank-0 214 a. The bank-0 controller 418 a may receive thewrite command at an appropriate time and may generate one or more writesubcommands for each data packet stored in the write buffer 320 to bewritten to the page in bank-0 214 a. For example, bank-0 controller 418a may generate commands to validate the status of bank 0 214 a and thesolid-state storage array 216, select the appropriate location forwriting one or more data packets, clear the input buffers within thesolid-state storage memory array 216, transfer the one or more datapackets to the input buffers, program the input buffers into theselected location, verify that the data was correctly programmed, and ifprogram failures occur do one or more of interrupting the mastercontroller 224, retrying the write to the same physical location, andretrying the write to a different physical location. Additionally, inconjunction with example write command, the storage bus controller 348will cause the one or more commands to multiplied to each of the each ofthe storage I/O buses 210 a-n with the logical address of the commandmapped to a first physical addresses for storage I/O bus 210 a, andmapped to a second physical address for storage I/O bus 210 b, and soforth as further described below.

Typically, bus arbiter 420 selects from among the bank controllers 418and pulls subcommands from output queues within the bank controllers 418and forwards these to the Storage Bus Controller 348 in a sequence thatoptimizes the performance of the banks 214. In another embodiment, thebus arbiter 420 may respond to a high level interrupt and modify thenormal selection criteria. In another embodiment, the master controller224 can control the bus arbiter 420 through the control and statusregisters 340. One of skill in the art will recognize other means bywhich the bus arbiter 420 may control and interleave the sequence ofcommands from the bank controllers 418 to the solid-state storage 110.

The bus arbiter 420 typically coordinates selection of appropriatecommands, and corresponding data when required for the command type,from the bank controllers 418 and sends the commands and data to thestorage bus controller 348. The bus arbiter 420 typically also sendscommands to the storage control bus 212 to select the appropriate bank214. For the case of flash memory or other solid-state storage 110 withan asynchronous, bi-directional serial storage I/O bus 210, only onecommand (control information) or set of data can be transmitted at atime. For example, when write commands or data are being transmitted tothe solid-state storage 110 on the storage I/O bus 210, read commands,data being read, erase commands, management commands, or other statuscommands cannot be transmitted on the storage I/O bus 210. For example,when data is being read from the storage I/O bus 210, data cannot bewritten to the solid-state storage 110.

For example, during a write operation on bank-0 the bus arbiter 420selects the bank-0 controller 418 a which may have a write command or aseries of write sub-u commands on the top of its queue which cause thestorage bus controller 348 to execute the following sequence. The busarbiter 420 forwards the write command to the storage bus controller348, which sets up a write command by selecting bank-0 214 a through thestorage control bus 212, sending a command to clear the input buffers ofthe solid-state storage elements 110 associated with the bank-0 214 a,and sending a command to validate the status of the solid-state storageelements 216, 218, 220 associated with the bank-0 214 a. The storage buscontroller 348 then transmits a write subcommand on the storage I/O bus210, which contains the physical addresses including the address of thelogical erase block for each individual physical erase solid-stagestorage element 216 a-m as mapped from the logical erase block address.The storage bus controller 348 then muxes the write buffer 320 throughthe write sync buffer 308 to the storage I/O bus 210 through the MUX 350and streams write data to the appropriate page. When the page is full,then storage bus controller 348 causes the solid-state storage elements216 a-m associated with the bank-0 214 a to program the input buffer tothe memory cells within the solid-state storage elements 216 a-m.Finally, the storage bus controller 348 validates the status to ensurethat page was correctly programmed.

A read operation is similar to the write example above. During a readoperation, typically the bus arbiter 420, or other component of the bankinterleave controller 344, receives data and corresponding statusinformation and sends the data to the read data pipeline 108 whilesending the status information on to the control and status registers340. Typically, a read data command forwarded from bus arbiter 420 tothe storage bus controller 348 will cause the MUX 350 to gate the readdata on storage I/O bus 210 to the read data pipeline 108 and sendstatus information to the appropriate control and status registers 340through the status MUX 422.

The bus arbiter 420 coordinates the various command types and dataaccess modes so that only an appropriate command type or correspondingdata is on the bus at any given time. If the bus arbiter 420 hasselected a write command, and write subcommands and corresponding dataare being written to the solid-state storage 110, the bus arbiter 420will not allow other command types on the storage I/O bus 210.Beneficially, the bus arbiter 420 uses timing information, such aspredicted command execution times, along with status informationreceived concerning bank 214 status to coordinate execution of thevarious commands on the bus with the goal of minimizing or eliminatingidle time of the busses.

The master controller 224 through the bus arbiter 420 typically usesexpected completion times of the commands stored in the queues 410, 412,414, 416, along with status information, so that when the subcommandsassociated with a command are executing on one bank 214 a, othersubcommands of other commands are executing on other banks 214 b-n. Whenone command is fully executed on a bank 214 a, the bus arbiter 420directs another command to the bank 214 a. The bus arbiter 420 may alsocoordinate commands stored in the queues 410, 412, 414, 416 with othercommands that are not stored in the queues 410, 412, 414, 416.

For example, an erase command may be sent out to erase a group of eraseblocks within the solid-state storage 110. An erase command may take 10to 1000 times more time to execute than a write or a read command or 10to 100 times more time to execute than a program command. For N banks214, the bank interleave controller 344 may split the erase command intoN commands, each to erase a virtual erase block of a bank 214 a. Whilebank-0 214 a is executing an erase command, the bus arbiter 420 mayselect other commands for execution on the other banks 214 b-n. The busarbiter 420 may also work with other components, such as the storage buscontroller 348, the master controller 224, etc., to coordinate commandexecution among the buses. Coordinating execution of commands using thebus arbiter 420, bank controllers 418, queues 410, 412, 414, 416, andagents 402, 404, 406, 408 of the bank interleave controller 344 candramatically increase performance over other solid-state storage systemswithout a bank interleave function.

In one embodiment, the solid-state controller 104 includes one bankinterleave controller 344 that serves all of the storage elements 216,218, 220 of the solid-state storage 110. In another embodiment, thesolid-state controller 104 includes a bank interleave controller 344 foreach row of storage elements 216 a-m, 218 a-m, 220 a-m. For example, onebank interleave controller 344 serves one row of storage elements SSS0.0-SSS 0.N 216 a, 218 a, 220 a, a second bank interleave controller 344serves a second row of storage elements SSS 1.0-SSS 1.N 216 b, 218 b,220 b, etc.

FIG. 4B is a schematic block diagram illustrating an alternateembodiment 401 of a bank interleave controller 344 in the solid-statestorage controller 104 in accordance with the present invention. Thecomponents 210, 212, 340, 346, 348, 350, 402-430 depicted in theembodiment shown in FIG. 4B are substantially similar to the bankinterleave apparatus 400 described in relation to FIG. 4A except thateach bank 214 includes a single queue 432 a-n and the read commands,write commands, erase commands, management commands, etc. for a bank(e.g. Bank-0 214 a) are directed to a single queue 432 a for the bank214 a. The queues 432, in one embodiment, are FIFO. In anotherembodiment, the queues 432 can have commands pulled from the queues 432in an order other than the order they were stored. In another alternateembodiment (not shown), the read agent 402, write agent 404, erase agent406, and management agent 408 may be combined into a single agentassigning commands to the appropriate queues 432 a-n.

In another alternate embodiment (not shown), commands are stored in asingle queue where the commands may be pulled from the queue in an orderother than how they are stored so that the bank interleave controller344 can execute a command on one bank 214 a while other commands areexecuting on the remaining banks 214 b-n. One of skill in the art willeasily recognize other queue configurations and types to enableexecution of a command on one bank 214 a while other commands areexecuting on other banks 214 b-n.

Storage-Specific Components

The solid-state storage controller 104 includes a synchronization buffer346 that buffers commands and status messages sent and received from thesolid-state storage 110. The synchronization buffer 346 is located atthe boundary between the solid-state storage clock domain and the localbus clock domain and provides buffering to account for the clock domaindifferences. The synchronization buffer 346, write synchronizationbuffer 308, and read synchronization buffer 328 may be independent ormay act together to buffer data, commands, status messages, etc. In thepreferred embodiment, the synchronization buffer 346 is located wherethere are the fewest number of signals crossing the clock domains. Oneskilled in the art will recognize that synchronization between clockdomains may be arbitrarily moved to other locations within thesolid-state storage device 102 in order to optimize some aspect ofdesign implementation.

The solid-state storage controller 104 includes a storage bus controller348 that interprets and translates commands for data sent to and readfrom the solid-state storage 110 and status messages received from thesolid-state storage 110 based on the type of solid-state storage 110.For example, the storage bus controller 348 may have different timingrequirements for different types of storage, storage with differentperformance characteristics, storage from different manufacturers, etc.The storage bus controller 348 also sends control commands to thestorage control bus 212.

In the preferred embodiment, the solid-state storage controller 104includes a MUX 350 that comprises an array of multiplexers 350 a-n whereeach multiplexer is dedicated to a row in the solid-state storage array110. For example, multiplexer 350 a is associated with solid-statestorage elements 216 a, 218 a, 220 a. MUX 350 routes the data from thewrite data pipeline 106 and commands from the storage bus controller 348to the solid-state storage 110 via the storage I/O bus 210 and routesdata and status messages from the solid-state storage 110 via thestorage I/O bus 210 to the read data pipeline 108 and the control andstatus registers 340 through the storage bus controller 348,synchronization buffer 346, and bank interleave controller 344.

In the preferred embodiment, the solid-state storage controller 104includes a MUX 350 for each row of solid-state storage elements (e.g.SSS 0.1 216 a, SSS 0.2 218 a, SSS 0.N 220 a). A MUX 350 combines datafrom the write data pipeline 106 and commands sent to the solid-statestorage 110 via the storage I/O bus 210 and separates data to beprocessed by the read data pipeline 108 from commands. Packets stored inthe write buffer 320 are directed on busses out of the write buffer 320through a write synchronization buffer 308 for each row of solid-statestorage elements (SSS x.0 to SSS x.N 216, 218, 220) to the MUX 350 foreach row of solid-state storage elements (SSS x.0 to SSS x.N 216, 218,220). The commands and read data are received by the MUXes 350 from thestorage I/O bus 210. The MUXes 350 also direct status messages to thestorage bus controller 348.

The storage bus controller 348 includes a mapping module 424. Themapping module 424 maps a logical address of an erase block to one ormore physical addresses of an erase block. For example, a solid-statestorage 110 with an array of twenty storage elements (e.g. SSS 0.0 toSSS M.0 216) per block 214 a may have a logical address for a particularerase block mapped to twenty physical addresses of the erase block, onephysical address per storage element. Because the storage elements areaccessed in parallel, erase blocks at the same position in each storageelement in a row of storage elements 216 a, 218 a, 220 a will share aphysical address. To select one erase block (e.g. in storage element SSS0.0 216 a) instead of all erase blocks in the row (e.g. in storageelements SSS 0.0, 0.1, . . . 0.N 216 a, 218 a, 220 a), one bank (in thiscase bank-0 214 a) is selected.

This logical-to-physical mapping for erase blocks is beneficial becauseif one erase block becomes damaged or inaccessible, the mapping can bechanged to map to another erase block. This mitigates the loss of losingan entire virtual erase block when one element's erase block is faulty.The remapping module 430 changes a mapping of a logical address of anerase block to one or more physical addresses of a virtual erase block(spread over the array of storage elements). For example, virtual eraseblock 1 may be mapped to erase block 1 of storage element SSS 0.0 216 a,to erase block 1 of storage element SSS 1.0 216 b, . . . , and tostorage element M.0 216 m, virtual erase block 2 may be mapped to eraseblock 2 of storage element SSS 0.1 218 a, to erase block 2 of storageelement SSS 1.1 218 b, . . . , and to storage element M.1 218 m, etc.

If erase block 1 of a storage element SSS0.0 216 a is damaged,experiencing errors due to wear, etc., or cannot be used for somereason, the remapping module 430 could change the logical-to-physicalmapping for the logical address that pointed to erase block 1 of virtualerase block 1. If a spare erase block (call it erase block 221) ofstorage element SSS 0.0 216 a is available and currently not mapped, theremapping module 430 could change the mapping of virtual erase block 1to point to erase block 221 of storage element SSS 0.0 216 a, whilecontinuing to point to erase block 1 of storage element SSS 1.0 216 b,erase block 1 of storage element SSS 2.0 (not shown) . . . , and tostorage element M.0 216 m. The mapping module 424 or remapping module430 could map erase blocks in a prescribed order (virtual erase block 1to erase block 1 of the storage elements, virtual erase block 2 to eraseblock 2 of the storage elements, etc.) or may map erase blocks of thestorage elements 216, 218, 220 in another order based on some othercriteria.

In one embodiment, the erase blocks could be grouped by access time.Grouping by access time, meaning time to execute a command, such asprogramming (writing) data into pages of specific erase blocks, canlevel command completion so that a command executed across the eraseblocks of a virtual erase block is not limited by the slowest eraseblock. In other embodiments, the erase blocks may be grouped by wearlevel, health, etc. One of skill in the art will recognize other factorsto consider when mapping or remapping erase blocks.

In one embodiment, the storage bus controller 348 includes a statuscapture module 426 that receives status messages from the solid-statestorage 110 and sends the status messages to the status MUX 422. Inanother embodiment, when the solid-state storage 110 is flash memory,the storage bus controller 348 includes a NAND bus controller 428. TheNAND bus controller 428 directs commands from the read and write datapipelines 106, 108 to the correct location in the solid-state storage110, coordinates timing of command execution based on characteristics ofthe flash memory, etc. If the solid-state storage 110 is anothersolid-state storage type, the NAND bus controller 428 would be replacedby a bus controller specific to the storage type. One of skill in theart will recognize other functions of a NAND bus controller 428.

Flow Charts

FIG. 5 is a schematic flow chart diagram illustrating one embodiment ofa method 500 for managing data in a solid-state storage device 102 usinga data pipeline in accordance with the present invention. The method 500begins 502 and the input buffer 306 receives 504 one or more datasegments to be written to the solid-state storage 110. The one or moredata segments typically include at least a portion of an object but maybe an entire object. The packetizer 302 may create one or more objectspecific packets in conjunction with an object. The packetizer 302 addsa header to each packet which typically includes the length of thepacket and a sequence number for the packet within the object. Thepacketizer 302 receives 504 the one or more data or metadata segmentsthat were stored in the input buffer 306 and packetizes 506 the one ormore data or metadata segments by creating one or more packets sized forthe solid-state storage 110 where each packet includes one header anddata from the one or more segments.

Typically, a first packet includes an object identifier that identifiesthe object for which the packet was created. A second packet may includea header with information used by the solid-state storage device 102 toassociate the second packet to the object identified in the first packetand offset information locating the second packet within the object, anddata. The solid-state storage device controller 202 manages the bank 214and physical area to which the packets are streamed.

The ECC generator 304 receives a packet from the packetizer 302 andgenerates 508 ECC for the data packets. Typically, there is no fixedrelationship between packets and ECC blocks. An ECC block may compriseone or more packets. A packet may comprise one or more ECC blocks. Apacket may start and end anywhere within an ECC block. A packet maystart anywhere in a first ECC block and end anywhere in a subsequent ECCblock.

The write synchronization buffer 308 buffers 510 the packets asdistributed within the corresponding ECC blocks prior to writing ECCblocks to the solid-state storage 110 and then the solid-state storagecontroller 104 writes 512 the data at an appropriate time consideringclock domain differences, and the method 500 ends 514. The write synchbuffer 308 is located at the boundary between a local clock domain and asolid-state storage 110 clock domain. Note that the method 500 describesreceiving one or more data segments and writing one or more data packetsfor convenience, but typically a stream of data segments is received anda group. Typically a number of ECC blocks comprising a complete virtualpage of solid-state storage 110 are written to the solid-state storage110. Typically the packetizer 302 receives data segments of one size andgenerates packets of another size. This necessarily requires data ormetadata segments or parts of data or metadata segments to be combinedto form data packets to capture all of the data of the segments intopackets.

FIG. 6 is a schematic flow chart diagram illustrating another embodimentof a method 600 for managing data in a solid-state storage device 102using a data pipeline in accordance with the present invention. Themethod 600 begins 602 and the input buffer 306 receives 604 one or moredata or metadata segments to be written to the solid-state storage 110.The packetizer 302 adds a header to each packet which typically includesthe length of the packet within the object. The packetizer 302 receives604 the one or more segments that were stored in the input buffer 306and packetizes 606 the one or more segments by creating one or morepackets sized for the solid-state storage 110 where each packet includesa header and data from the one or more segments.

The ECC generator 304 receives a packet from the packetizer 302 andgenerates 608 one or more ECC blocks for the packets. The writesynchronization buffer 308 buffers 610 the packets as distributed withinthe corresponding ECC blocks prior to writing ECC blocks to thesolid-state storage 110 and then the solid-state storage controller 104writes 612 the data at an appropriate time considering clock domaindifferences. When data is requested from the solid-state storage 110,ECC blocks comprising one or more data packets are read into the readsynchronization buffer 328 and buffered 614. The ECC blocks of thepacket are received over the storage I/O bus 210. Since the storage I/Obus 210 is bi-directional, when data is read, write operations, commandoperations, etc. are halted.

The ECC correction module 322 receives the ECC blocks of the requestedpackets held in the read synchronization buffer 328 and corrects 616errors within each ECC block as necessary. If the ECC correction module322 determines that one or more errors exist in an ECC block and theerrors are correctable using the ECC syndrome, the ECC correction module322 corrects 616 the error in the ECC block. If the ECC correctionmodule 322 determines that a detected error is not correctable using theECC, the ECC correction module 322 sends an interrupt.

The depacketizer 324 receives 618 the requested packet after the ECCcorrection module 322 corrects any errors and depacketizes 618 thepackets by checking and removing the packet header of each packet. Thealignment module 326 receives packets after depacketizing, removesunwanted data, and re-formats 620 the data packets as data or metadatasegments of an object in a form compatible with the device requestingthe segment or object. The output buffer 330 receives requested packetsafter depacketizing and buffers 622 the packets prior to transmission tothe requesting device 155, and the method 600 ends 624.

FIG. 7 is a schematic flow chart diagram illustrating an embodiment of amethod 700 for managing data in a solid-state storage device 102 using abank interleave in accordance with the present invention. The method 700begins 702 and the bank interleave controller 344 directs 604 one ormore commands to two or more queues 410, 412, 414, 416. Typically theagents 402, 404, 406, 408 direct 704 the commands to the queues 410,412, 414, 416 by command type. Each set of queues 410, 412, 414, 416includes a queue for each command type. The bank interleave controller344 coordinates 706 among the banks 214 execution of the commands storedin the queues 410, 412, 414, 416 so that a command of a first typeexecutes on one bank 214 a while a command of a second type executes ona second bank 214 b, and the method 700 ends 708.

Storage Space Recovery

FIG. 8 is a schematic block diagram illustrating one embodiment of anapparatus 800 for garbage collection in a solid-state storage device 102in accordance with the present invention. The apparatus 800 includes asequential storage module 802, a storage division selection module 804,a data recovery module 806, and a storage division recovery module 808,which are described below. In other embodiments, the apparatus 800includes a garbage marking module 812 and an erase module 810.

The apparatus 800 includes a sequential storage module 802 thatsequentially writes data packets in a page within a storage division.The packets are sequentially stored whether they are new packets ormodified packets. Modified packets are in this embodiment are typicallynot written back to a location where they were previously stored. In oneembodiment, the sequential storage module 802 writes a packet to a firstlocation in a page of a storage division, then to the next location inthe page, and to the next, and the next, until the page is filled. Thesequential storage module 802 then starts to fill the next page in thestorage division. This continues until the storage division is filled.

In a preferred embodiment, the sequential storage module 802 startswriting packets to storage write buffers in the storage elements (e.g.SSS 0.0 to SSS M.0 216) of a bank (bank-0 214 a). When the storage writebuffers are full, the solid-state storage controller 104 causes the datain the storage write buffers to be programmed into designated pageswithin the storage elements 216 of the bank 214 a. Then another bank(e.g. bank-1 214 b) is selected and the sequential storage module 802starts writing packets to storage write buffers of the storage elements218 of the bank 214 b while the first bank-0 214 a is programming thedesignated pages. When the storage write buffers of this bank 214 b arefull, the contents of the storage write buffers are programmed intoanother designated page in each storage element 218. This process isefficient because while one bank 214 a is programming a page, storagewrite buffers of another bank 214 b can be filling.

The storage division includes a portion of a solid-state storage 110 ina solid-state storage device 102. Typically the storage division is anerase block. For flash memory, an erase operation on an erase blockwrites ones to every bit in the erase block by charging each cell. Thisis a lengthy process compared to a program operation which starts with alocation being all ones, and as data is written, some bits are changedto zero by discharging the cells written with a zero. However, where thesolid-state storage 110 is not flash memory or has flash memory where anerase cycle takes a similar amount of time as other operations, such asa read or a program, the storage division may not be required to beerased.

As used herein, a storage division is equivalent in area to an eraseblock but may or may not be erased. Where erase block is used herein, anerase block may refer to a particular area of a designated size within astorage element (e.g. SSS 0.0 216 a) and typically includes a certainquantity of pages. Where “erase block” is used in conjunction with flashmemory, it is typically a storage division that is erased prior to beingwritten. Where “erase block” is used with “solid-state storage,” it mayor may not be erased. As used herein, an erase block may include oneerase block or a group of erase blocks with one erase block in each of arow of storage elements (e.g. SSS 0.0 to SSS M.0 216 a-n), which mayalso be referred to herein as a virtual erase block. When referring tothe logical construct associated with the virtual erase block, the eraseblocks may be referred to herein as a logical erase block (“LEB”).

Typically, the packets are sequentially stored by order of processing.In one embodiment, where a write data pipeline 106 is used, thesequential storage module 802 stores packets in the order that they comeout of the write data pipeline 106. This order may be a result of datasegments arriving from a requesting device 155 mixed with packets ofvalid data that are being read from another storage division as validdata is being recovered from a storage division during a recoveryoperation as explained below. Re-routing recovered, valid data packetsto the write data pipeline 106 may include the garbage collector bypass316 as described above in relation to the solid-state storage controller104 of FIG. 3.

The apparatus 800 includes a storage division selection module 804 thatselects a storage division for recovery. Selecting a storage divisionfor recovery may be to reuse the storage division by the sequentialstorage module 802 for writing data, thus adding the recovered storagedivision to the storage pool, or to recover valid data from the storagedivision after determining that the storage division is failing,unreliable, should be refreshed, or other reason to take the storagedivision temporarily or permanently out of the storage pool. In anotherembodiment, the storage division selection module 804 selects a storagedivision for recovery by identifying a storage division or erase blockwith a high amount of invalid data.

In another embodiment, the storage division selection module 804 selectsa storage division for recovery by identifying a storage division orerase block with a low amount of wear. For example, identifying astorage division or erase block with a low amount of wear may includeidentifying a storage division with a low amount of invalid data, a lownumber of erase cycles, low bit error rate, or low program count (lownumber of times a page of data in a buffer is written to a page in thestorage division; program count may be measured from when the device wasmanufactured, from when the storage division was last erased, from otherarbitrary events, and from combinations of these). The storage divisionselection module 804 may also use any combination of the above or otherparameters to determine a storage division with a low amount of wear.Selecting a storage division for recovery by determining a storagedivision with a low amount of wear may be desirable to find storagedivisions that are under used, may be recovered for wear leveling, etc.

In another embodiment, the storage division selection module 804 selectsa storage division for recovery by identifying a storage division orerase block with a high amount of wear. For example, identifying astorage division or erase block with a high amount of wear may includeidentifying a storage division with a high number of erase cycles, highbit error rate, a storage division with a non-recoverable ECC block, orhigh program count. The storage division selection module 804 may alsouse any combination of the above or other parameters to determine astorage division with a high amount of wear. Selecting a storagedivision for recovery by determining a storage division with a highamount of wear may be desirable to find storage divisions that are overused, may be recovered by refreshing the storage division using an erasecycle, etc. or to retire the storage division from service as beingunusable.

The apparatus 800 includes a data recovery module 806 that reads validdata packets from the storage division selected for recovery, queues thevalid data packets with other data packets to be written sequentially bythe sequential storage module 802, and updates an index with a newphysical address of the valid data written by the sequential storagemodule 802. Typically, the index is the object index mapping data objectidentifiers of objects to physical addresses of where packets derivedfrom the data object are stored in the solid-state storage 110.

In one embodiment the apparatus 800 includes a storage division recoverymodule 808 that prepares the storage division for use or reuse and marksthe storage division as available to the sequential storage module 802for sequentially writing data packets after the data recovery module 806has completed copying valid data from the storage division.

In another embodiment, the apparatus 800 includes a storage divisionrecovery module 808 that marks the storage division selected forrecovery as unavailable for storing data. Typically this is due to thestorage division selection module 804 identifying a storage division orerase block with a high amount of wear such that the storage division orerase block is not in condition to be used for reliable data storage.

In one embodiment, the apparatus 800 is in a solid-state storage devicecontroller 202 of a solid-state storage device 102. In anotherembodiment, the apparatus 800 controls a solid-state storage devicecontroller 202. In another embodiment, a portion of the apparatus 800 isin a solid-state storage device controller 202. In another embodiment,the object index updated by the data recovery module 806 is also locatedin the solid-state storage device controller 202

In one embodiment, the storage division is an erase block and theapparatus 800 includes an erase module 810 that erases an erase blockselected for recovery after the data recovery module 806 has copiedvalid data packets from the selected erase block and before the storagedivision recovery module 808 marks the erase block as available. Forflash memory and other solid-state storage with an erase operationtaking much longer than read or write operations, erasing a data blockprior to making it available for writing new data is desirable forefficient operation. Where the solid-state storage 110 is arranged inbanks 214, the erase operation by the erase module 810 may be executedon one bank while other banks are executing reads, writes, or otheroperations.

In one embodiment, the apparatus 800 includes a garbage marking module812 that identifies a data packet in a storage division as invalid inresponse to an operation indicating that the data packet is no longervalid. For example, if a data packet is deleted, the garbage markingmodule 812 may identify the data packet as invalid. A read-modify-writeoperation is another way for a data packet to be identified as invalid.In one embodiment, the garbage marking module 812 may identify the datapacket as invalid by updating an index. In another embodiment, thegarbage marking module 812 may identify the data packet as invalid bystoring another data packet that indicates that the invalid data packethas been deleted. This is advantageous because storing, in thesolid-state storage 110, information that the data packet has beendeleted allows the object index reconstruction module 272 or similarmodule to reconstruct the object index with an entry indicating that theinvalid data packet has been deleted.

In one embodiment, the apparatus 800 may be utilized to fill theremainder of a virtual page of data following a flush command in orderto improve overall performance, where the flush command halts dataflowing into the write pipeline 106 until the write pipeline 106 emptiesand all packets have been permanently written into non-volatilesolid-state storage 110. This has the benefit of reducing the amount ofgarbage collection required, the amount of time used to erase storagedivisions, and the amount of time required to program virtual pages. Forexample, a flush command may be received when only one small packet isprepared for writing into the virtual page of the solid-state storage110. Programming this nearly empty virtual page might result in a needto immediately recover the wasted space, causing the valid data withinthe storage division to be unnecessarily garbage collected and thestorage division erased, recovered and returned to the pool of availablespace for writing by the sequential storage module 802.

Marking the data packet as invalid rather than actually erasing aninvalid data packet is efficient because, as mentioned above, for flashmemory and other similar storage an erase operation takes a significantamount of time. Allowing a garbage collection system, as described inthe apparatus 800, to operate autonomously within the solid-statestorage 110 provides a way to separate erase operations from reads,writes, and other faster operations so that the solid-state storagedevice 102 can operate much faster than many other solid-state storagesystems or data storage devices.

FIG. 9 is a schematic flow chart diagram illustrating an embodiment of amethod 900 for storage recovery in accordance with the presentinvention. The method 900 begins 902 and the sequential storage module802 sequentially writes 904 data packets in a storage division. Thestorage division is a portion of a solid-state storage 110 in asolid-state storage device 102. Typically a storage division is an eraseblock. The data packets are derived from an object and the data packetsare sequentially stored by order of processing.

The storage division selection module 804 selects 906 a storage divisionfor recovery and the data recovery module 806 reads 908 valid datapackets from the storage division selected for recovery. Typically validdata packets are data packets that have not been marked for erasure ordeletion or some other invalid data marking and are considered valid or“good” data. The data recovery module 806 queues 910 the valid datapackets with other data packets scheduled to be written sequentially bythe sequential storage module 802. The data recovery module 806 updates912 an index with a new physical address of the valid data written bythe sequential storage module 802. The index includes a mapping ofphysical addresses of data packets to object identifiers. The datapackets are those stored in stored in the solid-state storage 110 andthe object identifiers correspond to the data packets.

After the data recovery module 806 completes copying valid data from thestorage division, the storage division recovery module 808 marks 914 thestorage division selected for recovery as available to the sequentialstorage module 802 for sequentially writing data packets and the method900 ends 916.

Empty Data Segment Directive

Typically, when data is no longer useful it may be erased. In many filesystems, an erase command deletes a directory entry in the file systemwhile leaving the data in place in the storage device containing thedata. Typically, a data storage device is not involved in this type oferase operation. Another method of erasing data is to write zeros, ones,or some other null data character to the data storage device to actuallyreplace the erased file. However, this is inefficient because valuablebandwidth is used while transmitting the data is being overwritten. Inaddition, space in the storage device is taken up by the data used tooverwrite invalid data.

In some storage devices, like the solid-state storage device 102described herein, are append and garbage collect storage devices soupdating previously stored data does not overwrite existing data.Attempting to overwrite data with a string of ones or a string of zeroson such a device takes up valuable space without fulfilling the desiredintent of overwriting the existing data. For these append and garbagecollect devices, such as solid-state storage devices 102, a client 114typically does not have an ability to overwrite data to erase it.

When receiving a string of repeated characters or character strings, thereceived data is highly compressible, but typically compression is doneby a file system prior to transmission to a storage device. A typicalstorage device cannot distinguish between compressed data anduncompressed data. The storage device may also receive a command to readthe erased file so the storage device may transmit a stream of zeros,ones, or a null character to the requesting device. Again, bandwidth isrequired to transmit data representing the erased file.

From the foregoing discussion, it should be apparent that a need existsfor an apparatus, system, and method for a storage device to receive adirective that data is to be erased so that the storage device can storea data segment token that represents an empty data segment or data withrepeated characters or character strings. The apparatus, system, andmethod may also erase the existing data so that the resulting usedstorage space comprises the small data segment token. An apparatus,system, and method are presented that overcome some or all of theshortcomings of the prior art.

FIG. 10 is a schematic block diagram illustrating one embodiment of asystem 1000 with an apparatus for generating a token directive inaccordance with the present invention. The apparatus includes a tokendirective generation module 1002, a token directive transmission module1004, a read receiver module 1006, a read request transmission module1008, a read token directive receiver module 1010, a requesting clientresponse module 1012, and data segment regeneration module 1014, whichare described below. In one embodiment, the apparatus is in a server 112connected to a storage device 150 with a storage controller 152 and adata storage device 154, which are substantially similar to thosedescribed above.

In one embodiment, the apparatus includes a token directive generationmodule 1002 that generates a storage request with a token directive. Thetoken directive includes a request to store a data segment token on thestorage device 150. The token directive is intended to be substitutedfor a series of repeated, identical characters or a series of repeated,identical character strings that would be sent to the storage device 150and stored as a data segment if the data segment token was not sent inits place. In one embodiment, the series of repeated, identicalcharacters indicate that the data segment is empty. For example, theseries of repeated, identical characters may be zeros or ones and a datasegment filled with zeros or ones may be interpreted as empty.

The token directive includes at least a data segment identifier and adata segment length. The data segment identifier is typically an objectID, file name, or other identifier known to a file system, application,server 112, etc. seeking to store the repeated, identical characters orcharacter string on the storage device. The data segment length istypically the storage space required by the series of repeated,identical characters or character strings. The data segment token andthe token directive typically do not include data of the data segment,such as the series of repeated, identical characters.

The token directive may, however, include other pertinent informationfor forming the data segment token, such as at least one instance of therepeated, identical character or character string. The token directivemay also include metadata, such as a data segment location, an addressfrom a file system, location on a data storage device corresponding tothe data segment, etc. One of skill in the art will recognize otherinformation that may be included with a token directive. In oneembodiment, the token directive generation module 1002 generates a datasegment token along with the token directive.

In one embodiment, the token directive generation module 1002 generatesboth a token directive and a secure erase command in response to arequest to overwrite existing data on the storage device 150. Theexisting data includes data identified on the storage device 150 withthe same data segment identifier as the data segment identifier in thetoken directive. Typically, a request to overwrite data is sent where itis not sufficient to merely mark data as invalid or garbage, delete apointer to the data, or other typical delete operation, but where thedata is required to be overwritten in such a way that that the data isnot recoverable. For example, the request to overwrite the data may berequired where data is considered sensitive information and must bedestroyed for security reasons.

The secure erase command directs the storage device 150 to overwriteexisting data so that the existing data is non-recoverable. The storagedevice 150 then creates the data segment token as well as overwrites,recovers, erases, etc. the existing data. As a result, the existing datais non-recoverable and the data segment token is stored on the storagedevice 150, which typically takes much less storage space than theexisting data.

In a further embodiment, the apparatus includes an erase confirmationmodule 1016 that receives a confirmation that the existing data on thestorage device 150 has been overwritten with characters so that theexisting data is non-recoverable. The confirmation may be forwarded to arequesting device or client 114 and may be used to verify that theexisting data has been put in a condition where it is non-recoverable.In other embodiments, the secure erase command may direct the storagedevice 150 to overwrite the existing data with a specific character orcharacter string or the execute command may be executed multiple times.One of skill in the art will recognize other ways to configure one ormore secure erase commands to ensure the existing data isnon-recoverable.

Data may be encrypted and then stored on a storage device 150 whereencryption is accomplished using an encryption key received by thestorage device 150 in conjunction with storing the data. Where theexisting data is encrypted with this received encryption key beforebeing stored, in another embodiment the token directive generationmodule 1002 generates an encryption erase command along with generatinga token directive in response to receiving a request to overwrite theexisting data. The encryption erase command erases the encryption keyused to store the existing data so that the encryption key isnon-recoverable.

In one embodiment, erasing the encryption key includes erasing theencryption key from the requesting device. In another embodiment,erasing the encryption key includes erasing the encryption key from aserver, key vault, or other location where the encryption key is stored.Erasing the encryption key may include replacing the encryption key withother data or with a series of characters so that the encryption keycannot be recovered in any way. Erasing the encryption key typicallymakes the existing data on the storage device 150 non-recoverable wherean encryption routine was used to encrypt the existing data that isrobust enough to thwart attempts to decrypt the existing data. Therequest to overwrite the existing data could be a secure erase directivewhere the data is overwritten for security reasons, a request tooverwrite data to erase the data, a request that seeks to replace theexisting data with the repeated, identical characters or characterstrings, or the like. In one embodiment, a secure erase directive causesdevices to both securely erase the encryption key and securely erase theexisting data. In one embodiment, erasure of the encryption key mayallow secure erasure of the data on the storage device 150 to bepostponed until a garbage collection process erases the data as part ofa storage space recovery process. One of skill in the art will recognizeother ways to erase an encryption key and other ways to receive arequest to overwrite existing data.

In one embodiment, a token directive includes the data segment token andthe token directive transmission module 1004 transmits the data segmenttoken with the token directive. In another embodiment, a token directivedoes not include the data segment token and includes a command for thestorage device 150 to generate the data segment token. In thisembodiment, the token directive transmission module 1004 transmits thetoken directive with the command to generate a data segment token, butdoes not transmit a data segment token.

The apparatus includes a token directive transmission module 1004 thattransmits the token directive to the storage device 150. Typically, thetoken directive transmission module 1004 transmits the token directiveas part of a storage request. The storage request may be in the form ofan object request, a data request, or other form known to those of skillin the art. Where the token directive generation module 1002 generates asecure erase directive, the token directive transmission module 1004transmits the secure erase directive to the storage device 150. Wherethe token directive generation module 1002 generates an erase encryptionkey command, the erase encryption key command is transmitted, wherenecessary, to another device to execute the command.

In one embodiment, the token directive transmission module 1004transmits a token directive without a data segment token. In thisembodiment, the token directive includes instructions and informationfor the storage device 150 to create a data segment token. In anotherembodiment, the token directive transmission module 1004 transmits atoken directive that includes a data segment token. In this embodiment,the storage device 150 is capable of recognizing that the data segmenttoken received with the token directive represents a data segment andtakes appropriate action to store the data segment token such that thedata segment token represents the data segment rather than merelystoring the data segment token as ordinary data.

The apparatus, in a particular embodiment, includes a read receivermodule 1006 that receives a storage request to read the data segmentfrom the storage device 150 and a read request transmission module 1008that transmits the storage request to the storage device 150. Typically,the storage request is received from a requesting client 114, such as anexternal client 114, a client 114 internal to the server 112, such as anapplication or file server running on the server 112, etc. One of skillin the art will recognize other devices and software functioning as arequesting client 114 from which the read receiver module 1006 canreceive a storage request.

The storage request includes a request to read the data segmentcorresponding to the data segment token requested to be stored in thetoken directive transmitted to the storage device 150 by the tokendirective transmission module 1004. The requesting client 114, in oneembodiment, is unaware that the data segment has been stored in the formof a data segment token. In another embodiment, the requesting device isaware that the data segment has been stored as a data segment token butis unaware of the information stored in the data segment token.

The apparatus, in the particular embodiment, also includes a read tokendirective receiver module 1010 that receives a message corresponding tothe requested data segment token from the storage device 150, where themessage includes at least the data segment identifier and the datasegment length. The message typically does not include data of the datasegment. The message may also include other information stored in thedata segment token, such as a data segment location or the repeated,identical character or character string. In the particular embodiment,the apparatus includes a requesting client response module 1012 thattransmits a response to the requesting client 113 formulated from themessage received from the storage device 150.

In one embodiment, read token directive receiver module 1010 alsoreceives in the message a confirmation that existing data has beenoverwritten with characters such that the existing data isnon-recoverable, where the existing data has been previously stored onthe storage device 150 and referenced with the same data segmentidentifier from the data segment token received in the message. Theconfirmation may also be received from the storage device 150independently from any storage request to read the data segment.

In another embodiment, where the requesting client 114 requires the datasegment, the apparatus includes a data segment regeneration module 1014that reconstitutes data of the data segment using information containedin the message. In this case, the response sent to the requesting clientincludes the reconstituted data segment. In another embodiment, theresponse sent to the requesting client includes information contained inthe message received from the storage device 150. The requesting client114 may then reconstitute the data segment or use the information insome other way. In another embodiment, the message includes the datasegment token. The data segment token may be used by the data segmentregeneration module 1014 to reconstitute the data segment beforeforwarding to the requesting client 114 or the requesting clientresponse module 1012 may simply forward the data segment token.

In one embodiment, the storage request with the token directive alsoincludes a request to reserve storage space on the storage device 150,where the requested reserved storage space is an amount of storage spacethat is about the same to the data segment length. In anotherembodiment, the request to reserve storage space is for an amount ofstorage space different than the data segment length. For example, ifthe storage device 150 is a solid-state storage device 102, thesolid-state storage device 102 may be connected to a hard drive or otherlong-term, inexpensive storage while the solid-state storage 110 isconfigured as cache for the long-term storage. The request to reservestorage may cause the solid-state storage device 102 to flush a portionof the cache to the long-term storage in preparation for writing data tothe solid-state storage device 102. One of skill in the art willrecognize other situations were a request to reserve storage space isdesired.

In one embodiment, an apparatus may be provided with a read receivermodule 1006, a read request transmission module 1008, a read tokendirective receiver module 1010, and a requesting client response module1012, which are substantially similar to those described above. In theembodiment, the modules 1006-1012 may be independent from an apparatusincluding a token directive generation module 1002 or a token directivetransmission module 1004. In one embodiment, the apparatus includes adata segment regeneration module 1014, which is substantially similar tothe data segment regeneration module 1014 described above.

FIG. 11 is a schematic flow chart diagram illustrating an embodiment ofa method 1100 for generating and transmitting a token directive inaccordance with the present invention. The method 1100 begins 1102 andthe token directive generation module 1002 generates 1104 a storagerequest with a token directive, where the token directive includes arequest to store a data segment token on the storage device 150. Thetoken directive transmission module 1004 transmits 1106 the tokendirective to the storage device 150 and the method 1100 ends 1108. Inone embodiment, the storage request includes a token directive to storethe data segment token where the storage request is essentially freefrom data of the data segment. In another embodiment, storage requestincludes data from the data segment. In a preferred embodiment, asoftware application creates a storage request using the token directiveso as to avoid the creation of the data segment. In another embodiment,a software application requests the creation of the token directive.

FIG. 12 is a schematic flow chart diagram illustrating an embodiment ofa method 1200 for reading a data segment token in accordance with thepresent invention. The method 1200 begins 1202 and the read receivermodule 1006 receives 1204 a storage request to read a data segment froma storage device 150 from a requesting client 114. The read requesttransmission module 1008 transmits 1206 the storage request to thestorage device 150.

The read token directive receiver module 1010 receives 1208 a messagecorresponding to the requested data segment token from the storagedevice 150, where the message includes at least the data segmentidentifier and the data segment length. The message is substantiallyfree from data of the data segment. The requesting client responsemodule 1012 transmits 1210 a response to the requesting clientformulated from the message received from the storage device 150 and themethod 1200 ends 1212.

FIG. 13 is a schematic block diagram illustrating one embodiment of asystem 1300 with an apparatus for managing a data segment token inaccordance with the present invention. The system 1300 includes anapparatus with a write request receiver module 1302 and a data segmenttoken storage module 1304, and in various embodiments a token generationmodule 1306, a read request receiver module 1308, a read data segmenttoken module 1310, a read request response module 1312 with a transmitdata segment token module 1314 and a transmit data segment module 1316,a reconstitute data segment module 1318, a secure erase module 1320 withan erase confirmation module 1322, and a storage space reservationmodule 1324, which are described below. The system 1300 includes astorage device 150 with a storage controller 152 and a data storagedevice 154, which are substantially similar to those described above.The system 1300 includes a requesting device 1326, which is describedbelow, in communication with the storage device 150.

In the depicted embodiment, the modules 1302-1324 are included in thestorage device 150 or storage controller 152. In another embodiment, atleast a portion of one or more of the modules 1302-1324 is locatedoutside the storage device 150. In a further embodiment, the requestingdevice 1326 includes a portion of the modules 1302-1324 in the form ofdrivers, software, or other function of one or more of the modules1302-1324. For example, a token generation module 1306 and areconstitute data segment module 1318 are shown in the requesting device1326. One of skill in the art will recognize other ways to distributeand implement the functionality of the modules 1302-1324.

The apparatus includes a write request receiver module 1302 thatreceives a storage request from the requesting device 1326, where thestorage request includes a request to store a data segment in thestorage device 150. The data segment includes a series of repeated,identical characters or character strings. Typically, the series ofrepeated, identical characters signify that the data segment is empty.This is especially true when the series of repeated, identicalcharacters are ones or zeros. The apparatus includes a data segmenttoken storage module 1304 that stores a data segment token in thestorage device 150. The data segment token includes at least a datasegment identifier and a data segment length. The data segment token issubstantially free of the actual data from the data segment.

The data segment token may be stored in many forms. In one embodiment,includes an entry in an index, where the index corresponds toinformation and data stored on the storage device 150. For example, theindex may be an object index as described above in relation to theapparatus 200 depicted in FIG. 2. The index may also be file systemindex, a block storage index, or other index known to those of skill inthe art. In another embodiment, the data segment token includes or is inthe form of metadata stored on the storage device 150. In anotherembodiment, the data segment token is stored as metadata on the storagedevice 150 and includes an entry in an index. One of skill in the artwill recognize other ways to storage a data segment token.

In one embodiment, the storage request includes a token directive tostore the data segment token where the storage request is essentiallyfree from data of the data segment. The token directive may include thedata segment token or a command to generate a data segment token. Wherethe token directive does not include the data segment token, the datasegment token storage module 1304 generates the data segment token frominformation in the token directive. If the token directive includes thedata segment token, the data segment token storage module 1304recognizes the data segment token as a data structure representing thedata segment identified by the data segment identifier in the tokendirective and stores the data segment token appropriately.

Typically, where the data segment token storage module 1304 recognizes adata segment token, the data segment token is differentiated in some wayfrom other data stored on the storage device 150. For example, arequesting device 1326 may merely compress data and send a compressedobject, file, or data segment so that the storage device 150 does notdistinguish the compressed data segment from other data received by wayof other storage requests.

Where the data segment token storage module 1304 recognizes that areceived data segment token is a data segment token, the data segmenttoken storage module 1304 may store the data segment token in such a waythat when read, it may appear as a data segment rather than the datasegment token. One of skill in the art will recognize other ways thatthe data segment token storage module 1304 may store a data segmenttoken after recognizing that a received data segment token is a datasegment token rather than a data segment.

In another embodiment, storage request includes data from the datasegment. In this embodiment, the apparatus includes a token generationmodule 1306 that generates a data segment token from the data segment,where the data segment token is created in response to the storagerequest to store the data segment. In a further embodiment, the tokengeneration module 1306 resides in the requesting device 1326, possiblyin the form of a driver.

In one embodiment, the apparatus includes a secure erase module 1320that overwrites existing data with characters such that the existingdata is non-recoverable, where the existing data includes data of a datasegment previously stored on the storage device 150 identified with thesame data segment identifier as the data segment identified in thestorage request. In this embodiment, a data segment token is stored withthe data segment identifier and data segment length and existing dataidentified by the same data segment identifier stored in the datasegment token is erased by overwriting the existing data. Typically theexisting characters are overwritten by zeros, ones, or some othercharacter string so that the existing data is destroyed and isnon-recoverable.

In a further embodiment, the secure erase module 1320 also includes anerase confirmation module 1322 that transmits a message indicating thatthe existing data has been overwritten. Typically the message is sent tothe requesting device 1326. The erase confirmation message istransmitted after the secure erase module 1320 has overwritten theexisting data. The message may be transmitted in the same transaction asthe storage request or in a different transaction.

In another embodiment, the secure erase module 1320 overwrites theexisting data during a storage space recovery operation. For example, ifthe storage device 150 is a solid-state storage device 102, as describedabove, the storage space recovery operation may be related to thegarbage collection describe in relation to the apparatus 800 depicted inFIG. 8. However, a storage space recovery operation involving a requestto overwrite the existing data would typically be expedited so that thestorage location where the existing data is stored is necessarilyrecovered prior to any confirmation message is sent by the eraseconfirmation module 1322. In one embodiment, the existing data is markedor otherwise identified to indicate that a secure erase has beenrequested. The confirmation message would typically not be sent untilthe existing data marked for erasure has been overwritten and madenon-recoverable. In another embodiment, the secure erase module 1320merely marks the existing data as invalid for later storage spacerecovery. In another embodiment, the secure erase updates an index toindicate that the existing data is invalid and prevents access to thisdata until the data is overwritten during later storage space recovery.

In one embodiment, the secure erase module 1320 overwrites the existingdata each time a data segment token is stored. In another embodiment,the storage request specifically includes a request to overwrite theexisting data and the secure erase module 1320 overwrites the existingdata in response to the request to overwrite the existing data. Inanother embodiment, the secure erase module 1320 stores metadatainformation regarding confirmation that the existing data has beenerased so that subsequent reads can indicate the erasure.

In other embodiments where a secure erase is not received, the existingdata is deleted. In one embodiment, deleting the data includes deletingan index entry, address, etc.

In a preferred embodiment, the when a data segment token is stored, thecorresponding existing data is marked as invalid or otherwise ready forstorage recovery. The data may be later recovered in a storage recoveryoperation, garbage collection operation, etc.

In a particular embodiment, the apparatus includes a read requestreceiver module 1308 that receives a storage request to read the datasegment, a read data segment token module 1310 that reads the datasegment token corresponding to the data segment requested by the storagerequest, and a read request response module 1312 that transmits aresponse to the requesting device 1326. The response is generated usingthe data segment token corresponding to the requested data segment.

The storage request to read the data segment, in one embodiment, isassociated with the storage request and serves to confirm that thestorage request has been successful. In another embodiment, the requestto read the data segment is independent from the storage request and maybe initiated by the requesting device 1326 that made the storage requestor another separate requesting device 1326.

In one embodiment, where the requesting device 1326 is capable ofreceiving information from the data segment token in place of actualdata, the read request response module 1312 includes a transmit datasegment token module 1314 that transmits in the response a message tothe requesting device 1326. The message includes at least the datasegment identifier and the data segment length, but may also include adata segment location, at least one instance of the repeated, identicalcharacter or character string, or other pertinent information.Typically, the message does not include the actual data of the datasegment, other than what is included in the data segment token.

In another embodiment, where the requesting device 1326 is expecting toreceive a data segment, the apparatus includes a reconstitute datasegment module 1318 that reconstitutes data of the data segment usingthe data segment token. The read request response module 1312 alsoincludes a transmit data segment module 1316 that transmits thereconstituted requested data segment to the requesting device 1326. Inanother embodiment, the reconstitute data segment module 1318 resides atthe requesting device 1326, possibly as in the form of a driver, and thetransmit data segment token module 1314 transmits the message with thedata segment token information to the requesting device 1326. Thereconstitute data segment module 1318 at the requesting device 1326reconstitutes the requested data segment from the message.

In one embodiment, the system 1300 includes a separate apparatus thatincludes a read request receiver module 1308, a read data segment tokenmodule 1310, a read request response module 1312, which aresubstantially similar to those described above. The apparatus may beindependent from the apparatus including the write request receivermodule 1302 and the data segment token storage module 1304. In oneembodiment, the read request response module 1312 includes a transmitdata segment token module 1314 and/or a transmit data segment module1316, and the apparatus may include a reconstitute data segment module1318, where the modules 1314, 1316, 1318 are substantially similar tothose described above.

FIG. 14 is a schematic flow chart diagram illustrating an embodiment ofa method 1400 for storing a data segment token in accordance with thepresent invention. The method 1400 begins 1402 and the write requestreceiver module 1302 receives 1404 a storage request from the requestingdevice 1326, where the storage request includes a request to store adata segment in the storage device 150. The data segment includes aseries of repeated, identical characters or character strings. The datasegment token storage module 1304 stores 1406 a data segment token inthe storage device 150 and the method 1400 ends 1408. The data segmenttoken includes at least a data segment identifier and a data segmentlength and the data segment token does not include data from the datasegment for the most part.

FIG. 15 is a schematic flow chart diagram illustrating an embodiment ofa method 1500 for reading a data segment token in accordance with thepresent invention. The method 1500 begins 1502 and the read requestreceiver module 1308 receives 1504 a storage request to read a datasegment from the storage device 150. The data segment is represented onthe storage device 150 by a data segment token and the data segmentincludes a series of repeated, identical characters or characterstrings. The data segment token includes at least a data segmentidentifier and a data segment length and the data segment token does notinclude data from the data segment. The read data segment token module1310 reads 1506 the data segment token corresponding to the data segmentrequested in the storage request, the read request response module 1312transmits 1508 a response to the requesting storage device 150 and themethod 1500 ends 1510. The response is generated using the data segmenttoken corresponds to the requested data segment.

The present invention may be embodied in other specific forms withoutdeparting from its spirit or essential characteristics. The describedembodiments are to be considered in all respects only as illustrativeand not restrictive. The scope of the invention is, therefore, indicatedby the appended claims rather than by the foregoing description. Allchanges which come within the meaning and range of equivalency of theclaims are to be embraced within their scope.

1. A method for managing data stored on non-volatile storage media, themethod comprising: receiving a storage request at a file system, thestorage request indicating that data stored on a non-volatile storagemedia and referenced by a logical identifier can be erased from thenon-volatile storage media; sending a message and a secure erase commandfrom the file system to a storage controller in response to the receivedstorage request, the storage controller configured to maintain an indexcomprising mappings between logical identifiers of the file system andphysical storage locations of the non-volatile storage media such that alogical identifier can be mapped to any of a plurality of the physicalstorage locations, wherein the message comprises a logical identifiercorresponding to data that can be erased from the non-volatile storagemedia, and wherein the storage controller is configured to record thatpersistent data stored on one or more identified physical storagelocations mapped to the logical identifier of the message in the indexcan be erased from the non-volatile storage media in response to themessage wherein the secure erase command directs the storage controllerto render the persistent data stored on the one or more identifiedphysical storage locations unrecoverable; and receiving a confirmationat the file system that the data is unrecoverable.
 2. The method ofclaim 1, wherein the storage controller is configured to store data onthe non-volatile storage media using an append-only writing process andis further configured to recover storage space on the non-volatilestorage media using a storage space recovery process that re-usesnon-volatile storage media storing invalid persistent data.
 3. Themethod of claim 1, wherein the message comprises a hint indicating thatthe persistent data, stored on the identified physical storage locationsof the non-volatile storage media, can be erased from the non-volatilestorage media, and wherein the storage controller selects a storagedivision comprising the identified physical storage locations forrecovery based, at least in part, on the message.
 4. The method of claim1, wherein the non-volatile storage media requires storage spacerecovery to maintain available storage capacity, and wherein the storagecontroller recovers storage space by reusing storage capacity comprisingpersistent data that can be erased from the non-volatile storage media.5. The method of claim 1, wherein the persistent data that can be erasedfrom the non-volatile storage media comprises one of deleted data anderased data.
 6. A method for managing persistent data stored on anon-volatile storage media, the method comprising: determining at anoperating system that data referenced by a logical identifier can beerased from a non-volatile storage media; sending a message and a secureerase directive from the operating system to a storage controller, thestorage controller configured to maintain an index comprisingassociations between logical identifiers and physical storage locationsof the non-volatile storage media such that a logical identifier can beassociated with any of a plurality of the physical storage locations,wherein the message indicates a logical identifier that is no longer inuse to reference persistent data stored on the non-volatile storagemedia, and wherein the storage controller is configured to record thatpersistent data stored on one or more physical storage locationsassociated with the indicated logical identifier in the index can beerased from the non-volatile storage media; wherein the secure erasedirective is configured to direct the storage controller to modify thenon-volatile storage medium such that the persistent data stored on theone or more physical storage locations is non-recoverable; and receivinga confirmation at the operating system that the secure erase directiveis complete.
 7. The method of claim 6, further comprising selecting astorage division for recovery based, at least in part, on the message.8. The method of claim 6, further comprising: selecting a storagedivision for recovery that comprises the one or more physical storagelocations associated with the indicated logical identifier; relocatingvalid data of the selected storage division, wherein relocating thevalid data comprises determining that the persistent data, stored on theone or more physical storage locations, does not need to be relocated;and erasing the selected storage division.
 9. A method for managingpersistent data stored on a non-volatile storage media, the methodcomprising: determining at a storage client that data stored on anon-volatile storage media and associated with a logical identifier doesnot need to be preserved on the non-volatile storage media; and sendinga message and a secure erase command from the storage client to astorage controller, the storage controller configured to maintain anindex that maps logical identifiers to physical storage locations of thenon-volatile storage media such that a logical identifier can be mappedto any of a plurality of the physical storage locations in the index,wherein the message specifies a logical identifier that is no longer inuse to reference persistent data stored on the non-volatile storagemedia, and wherein the storage controller is configured to modify theindex to indicate that persistent data stored on one or more physicalstorage locations mapped to the specified logical identifier by themetadata does not need to be preserved on the non-volatile storage mediain response to the message; wherein the secure erase command directs thestorage controller to make the persistent data non-recoverable; andreceiving a confirmation at the operation system that the persistentdata is non-recoverable.
 10. The method of claim 9, wherein modifyingthe metadata comprises invalidating the persistent data stored on theone or more physical storage locations.
 11. The method of claim 9,wherein modifying the metadata comprises removing a mapping between thespecified logical identifier and the one or more physical storagelocations in the metadata.
 12. The method of claim 9, further comprisingaccessing the metadata to identify valid data to relocate in response torecovering a storage division.
 13. The method of claim 9, whereinmodifying the metadata comprises annotating an index to indicate thatpersistent data stored on the one or more physical storage locationsmapped to the specified logical identifier, does not need to bepreserved.